OpenSSL up to 1.0.2j/1.1.0c on x64 RSA/DSA/DH BN_mod_exp Private Key information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
A vulnerability was found in OpenSSL up to 1.0.2j/1.1.0c on x64 (Network Encryption Software). It has been rated as problematic. Affected by this issue is the function BN_mod_exp of the component RSA/DSA/DH. The manipulation with an unknown input leads to a information disclosure vulnerability (Private Key). Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality, integrity, and availability.
The bug was discovered 01/26/2017. The weakness was presented 01/26/2017 by OSS-Fuzz as 20170126.txt as confirmed security advisory (Website). The advisory is available at openssl.org. The public release was coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2017-3732 since 12/16/2016. The exploitation is known to be difficult. The attack may be launched remotely. The requirement for exploitation is a simple authentication. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1592 by the MITRE ATT&CK project. The advisory points out:
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.
The vulnerability was handled as a non-public zero-day exploit for at least 11 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 99212 (openSUSE Security Update : nodejs4 (openSUSE-2017-442)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 371180 (IBM Java SDK Multiple Vulnerabilities (Oracle July 17 2018 CPU (1.6.0_201, 1.7.0_191, 1.8.0_181))).
Upgrading to version 1.0.2k or 1.1.0d eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (99212). mta.openssl.org is providing further details. See 68431, 81142, 82682 and 83122 for similar entries.
Not Affected
- OpenSSL up to 1.0.2
Product
Type
Name
Version
License
Support
- end of life (old version)
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.2VulDB Meta Temp Score: 5.1
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.9
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: Private KeyClass: Information disclosure / Private Key
CWE: CWE-200 / CWE-284 / CWE-266
ATT&CK: T1592
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 99212
Nessus Name: openSUSE Security Update : nodejs4 (openSUSE-2017-442)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 800325
OpenVAS Name: F5 BIG-IP - OpenSSL vulnerability CVE-2017-3732
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: OpenSSL 1.0.2k/1.1.0d
Patch: github.com
Timeline
12/16/2016 🔍01/15/2017 🔍
01/26/2017 🔍
01/26/2017 🔍
01/26/2017 🔍
01/26/2017 🔍
01/26/2017 🔍
01/27/2017 🔍
04/06/2017 🔍
05/04/2017 🔍
11/04/2022 🔍
Sources
Product: openssl.orgAdvisory: 20170126.txt
Researcher: OSS-Fuzz
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2017-3732 (🔍)
OVAL: 🔍
SecurityTracker: 1037717
SecurityFocus: 95814 - OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
OSVDB: - CVE-2017-3732 - OpenSSL - Denial of Service Issue
Misc.: 🔍
See also: 🔍
Entry
Created: 01/27/2017 08:16Updated: 11/04/2022 09:50
Changes: 01/27/2017 08:16 (82), 08/04/2020 18:07 (17), 11/04/2022 09:50 (4)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.