Russian Vulnerability Scanner Database

Back to List

BDU:2015-00127

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

Уязвимость существует в OpenSSL из-за некорректного ограничения обработки сообщений ChangeCipherSpec. Эксплуатация данной уязвимости позволяет злоумышленнику, действующему по принципу “человек посередине”, спровоцировать использование пустого (нулевой длины) мастер-ключа в передаче данных OpenSSL-to-OpenSSL с последующим перехватом сессии или получением доступа к конфиденциальной информации при помощи специально сформированного TLS-квитирования (handshake). Данная уязвимость также известна под названием “Внедрение CCS”.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2014-0224

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup21571
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22522
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22532
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22544
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22563
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22587
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22590
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22652
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22663
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22670
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup28056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
CISCO
(CSCup28056)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup28056
CISCO
(CSCup22544)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22544
CISCO
(CSCup22532)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22532
CISCO
(CSCup21571)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup21571
CISCO
(CSCup22652)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22652
CISCO
(CSCup22522)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22522
CISCO
(CSCup22590)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22590
CISCO
(CSCup22663)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22663
CISCO
(CSCup22563)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22563
CISCO
(CSCup22670)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22670
CISCO
(CSCup22587)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22587
"

Recommendations

Source: bdu

Использование рекомендаций производителя:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

URL: https://bdu.fstec.ru/vul/2015-00127

Vulnerable Software (1)

Type: Configuration

Vendor: cisco systems inc.

Product: cisco intrusion prevention system

Operating System: * *

Trait: 
{  "version_end_excluding": "7.4",  "version_start_including": "6.2"}

Source: bdu