Network Encryption Software Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor

Not Defined448
Cisco110
gnu13
Check Point12
OpenVPN11

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

OpenSSL231
Tor100
Cisco AnyConnect Secure Mobility Client63
GnuTLS32
OpenVPN32

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix544
Temporary Fix0
Workaround2
Unavailable0
Not Defined133

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High14
Functional2
Proof-of-Concept140
Unproven85
Not Defined438

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical1
Local101
Adjacent19
Network558

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High1
Low129
None549

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required26
None653

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤31
≤441
≤547
≤6249
≤7108
≤8154
≤938
≤1041

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤33
≤444
≤5119
≤6208
≤7155
≤886
≤943
≤1021

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤32
≤460
≤533
≤6295
≤761
≤8157
≤922
≤1049

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤46
≤56
≤649
≤713
≤897
≤913
≤1028

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤72
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤71
≤81
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k30
<2k94
<5k101
<10k57
<25k280
<50k84
<100k29
≥100k4

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k519
<2k24
<5k73
<10k43
<25k19
<50k1
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (109): AnchorFree VPN SDK, Apache Mod-gnutls, Aviatrix OpenVPN Client, Aviatrix VPN Client, Barracuda SSL VPN, Barracuda SSL VPN 680, Barracuda SSL VPN 680Vx, Barracuda VPN Client, Bitmask VPN, Check Point Check Point Vpn-1 Pro, Check Point KEv2 IPsec VPN, Check Point Mobile Access, Check Point SecureClient, Check Point SSL VPN, Check Point VPN-1, Check Point Vpn-1 Secureclient, Check Point VPN-1 UTM Edge, Cisco AnyConnect Network Access Manager, Cisco AnyConnect Secure Mobility Client, Cisco AnyConnect SSL VPN, Cisco SSL VPN, Cisco Vpn 30xx Concentrator, Cisco VPN 30xx Concentrator, Cisco VPN 500 Concentrator, Cisco VPN 3000 Concentrator, Cisco VPN 3002 Hardware Client, Cisco VPN 3060 Concentrator, Cisco Vpn 3080 Concentrator, Cisco VPN 5000 Client, Cisco VPN Client, Cisco VPN Concentrator, Cohesive Networks VNS3:vpn, Exponent strongSwan, Forcepoint VPN Client, furlongm openvpn-monitor, GNU GnuTLS, Gnu GnuTLS, gnu gnutls, GnuTLS, GnuTLS libtasn1, Hola VPN, Hotspot Shield VPN, Intoto iGateway SSL-VPN, Jazzpodiumdetor Jazzpodium De Tor, Jean-paul Calderone pyOpenSSL, Kaspersky VPN Secure Connection, London Trust Media Private Internet Access VPN Client, lua-openssl, Mod-gnutls, node-openssl, NordVPN, Nortel Contivity VPN Client, Nortel SSL VPN, ocshield DataGard VPN + AV, openssl.js, OpenSSL, OpenSSL FIPS Object Module, OpenSSL Crate, openssl gem, OpenVPN, OpenVPN Access Server, OpenVPN Connect, OpenVPN Core Library, OpenVPN Private Tunnel Installer, OpenVPN Connect, Perl-openssl libcrypt-openssl-dsa-perl, PortWise SSL VPN, ProtonVPN VPN Client, pyOpenSSL, Riseup VPN, Safenet Softremote VPN Client, SafeNET Softremote VPN Client, safenet vpn client, SaferVPN, Schmid ZI 620 V400 VPN 090, Securepoint Lueneburg Securepoint SSL VPN Client, Securepoint SSL VPN Client, Shimo VPN, Shrew VPN Client, SoftEther VPN Server, SSLeay, Steganos Steganos Online Shield VPN, strongSwan, Strongswan, strongswan, strongSWAN, Symantec Clientless Vpn Gateway 4400, Synology SSL VPN Client, TheGreenBow IPSec VPN Client, TheGreenBow VPN Client, tinc VPN, Tor, tor, Tor Browser, Tor Browser Launcher, Tor Browser the Short Guide, Tor World Simple Vote, Vectura Perfect Privacy VPN Manager, vpn-user-portal, VPN Unlimited, Windscribe VPN, ZyXEL APT, ZyXEL NSG, ZyXEL USG, ZyXEL USG Flex, ZyXEL UTM, ZyXEL VPN, ZyXEL VPN On-premise, ZyXEL VPN Orchestrator

PublishedBaseTempVulnerabilityProdExpRemCTICVE
12/31/20218.07.7Bitmask/Riseup VPN access controlVPNNot DefinedNot Defined0.05CVE-2021-44466
12/14/20213.73.6OpenSSL libssl X509_verify_cert denial of serviceOpenSSLNot DefinedOfficial Fix0.16CVE-2021-4044
11/04/20217.87.6Cisco AnyConnect Secure Mobility Client Network Access Manager privileges assignmentAnyConnect Secure Mobility ClientNot DefinedOfficial Fix0.05CVE-2021-40124
10/19/20215.55.3Check Point Mobile Access/SSL VPN Portal Agent os command injectionMobile Access/SSL VPNNot DefinedNot Defined0.05CVE-2021-30358
10/18/20214.34.1strongSwan gmp Plugin integer overflowstrongSwanNot DefinedOfficial Fix0.05CVE-2021-41990
10/18/20216.36.0strongSwan In-memory Certificate Cache integer overflowstrongSwanNot DefinedOfficial Fix0.05CVE-2021-41991
10/07/20217.06.8Cisco AnyConnect Secure Mobility Client Interprocess Communication toctouAnyConnect Secure Mobility ClientNot DefinedOfficial Fix0.05CVE-2021-34788
09/27/20213.53.4furlongm openvpn-monitor Management Interface Socket command injectionopenvpn-monitorNot DefinedNot Defined0.05CVE-2021-31605
09/27/20213.53.4furlongm openvpn-monitor cross-site request forgeryopenvpn-monitorNot DefinedNot Defined0.06CVE-2021-31604
09/27/20215.55.3furlongm openvpn-monitor authorizationopenvpn-monitorNot DefinedNot Defined0.00CVE-2021-31606
09/25/20213.12.9Tor Browser Timestamp log fileBrowserNot DefinedOfficial Fix0.00CVE-2021-39246
09/24/20216.36.0vpn-user-portal QR Code Privilege Escalationvpn-user-portalNot DefinedOfficial Fix0.06CVE-2021-41583
09/24/20214.84.7OpenVPN Access Server Web Login Page injectionAccess ServerNot DefinedOfficial Fix0.05CVE-2021-3824
08/30/20216.36.0Tor signature verificationTorNot DefinedOfficial Fix0.07CVE-2021-38385
08/24/20217.37.0OpenSSL SM2 Data EVP_PKEY_decrypt buffer overflowOpenSSLNot DefinedOfficial Fix0.05CVE-2021-3711
08/24/20213.73.6OpenSSL ASN.1 X509_get1_ocsp out-of-bounds readOpenSSLNot DefinedOfficial Fix0.05CVE-2021-3712
07/12/20213.73.6OpenVPN Core Library Server Certificate certificate validationCore LibraryNot DefinedOfficial Fix0.00CVE-2021-3547
07/03/20216.36.3OpenVPN Connect OpenSSL Configuration File OpenVPNConnect.exe uncontrolled search pathConnectNot DefinedNot Defined0.05CVE-2021-3613
07/03/20216.36.0OpenVPN OpenSSL Configuration File openvpn.exe uncontrolled search pathOpenVPNNot DefinedOfficial Fix0.06CVE-2021-3606
06/30/20213.53.4Tor v3 Onion Service Descriptor Parser out-of-bounds readTorNot DefinedOfficial Fix0.06CVE-2021-34550
06/30/20215.55.3Tor Circuit ID Privilege EscalationTorNot DefinedOfficial Fix0.06CVE-2021-34549
06/29/20215.55.3Tor Relay access controlTorNot DefinedOfficial Fix0.05CVE-2021-34548
06/29/20215.35.1Securepoint SSL VPN Client Configuration Handling access controlSSL VPN ClientNot DefinedOfficial Fix0.05CVE-2021-35523
06/17/20214.34.1Cisco AnyConnect Secure Mobility Client VPN Agent Service memory allocationAnyConnect Secure Mobility ClientNot DefinedOfficial Fix0.05CVE-2021-1568
06/17/20217.57.2Cisco AnyConnect Secure Mobility Client Interprocess Communication toctouAnyConnect Secure Mobility ClientNot DefinedOfficial Fix0.05CVE-2021-1567

654 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!