CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CVE-2019-7615 (GCVE-0-2019-7615)
Vulnerability from cvelistv5 – Published: 2019-07-30 21:15 – Updated: 2024-08-04 20:54
VLAI
Summary
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.
Severity
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.elastic.co/community/security/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Elastic | Elastic APM agent for Ruby |
Affected:
before 2.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:27.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic APM agent for Ruby",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 2.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the \u0027server_ca_cert\u0027 setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T21:15:47.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic APM agent for Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.9.0"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the \u0027server_ca_cert\u0027 setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7615",
"datePublished": "2019-07-30T21:15:47.000Z",
"dateReserved": "2019-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:27.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10059 (GCVE-0-2020-10059)
Vulnerability from cvelistv5 – Published: 2020-05-11 22:26 – Updated: 2024-09-17 02:07
VLAI
Title
UpdateHub Module Explicitly Disables TLS Verification
Summary
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
Severity
4.8 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24954 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24999 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24997 | x_refsource_MISC |
| https://docs.zephyrproject.org/latest/security/vu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject-rtos | zephyr |
Affected:
2.1.0 , < unspecified
(custom)
|
Date Public
2020-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Explicitly Disables TLS Verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10059",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Explicitly Disables TLS Verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24954",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24999",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10059",
"datePublished": "2020-05-11T22:26:16.442Z",
"dateReserved": "2020-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:07:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10925 (GCVE-0-2020-10925)
Vulnerability from cvelistv5 – Published: 2020-07-28 17:10 – Updated: 2024-08-04 11:14
VLAI
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.
Severity
7.5 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R6700",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "V1.0.4.84_10.0.58"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski of Team Flashback"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T17:10:36.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6700",
"version": {
"version_data": [
{
"version_value": "V1.0.4.84_10.0.58"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "Pedro Ribeiro and Radek Domanski of Team Flashback",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-10925",
"datePublished": "2020-07-28T17:10:36.000Z",
"dateReserved": "2020-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12143 (GCVE-0-2020-12143)
Vulnerability from cvelistv5 – Published: 2020-05-05 19:53 – Updated: 2024-08-04 11:48
VLAI
Title
The certificate used to identify Orchestrator to EdgeConnect devices is not validated
Summary
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Severity
6 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.silver-peak.com/sites/default/files/a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect in AWS, Azure, GCP |
Affected:
All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
"vendor": "Silver Peak Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143."
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"descriptions": [
{
"lang": "en",
"value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T16:58:22.000Z",
"orgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"shortName": "Silver Peak"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 002",
"discovery": "EXTERNAL"
},
"title": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@silver-peak.com",
"ID": "CVE-2020-12143",
"STATE": "PUBLIC",
"TITLE": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
"version": {
"version_data": [
{
"version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+",
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
}
]
},
"vendor_name": "Silver Peak Systems, Inc."
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143."
}
],
"credit": [
{
"lang": "eng",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf",
"refsource": "CONFIRM",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"assignerShortName": "Silver Peak",
"cveId": "CVE-2020-12143",
"datePublished": "2020-05-05T19:53:56.000Z",
"dateReserved": "2020-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:58.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12144 (GCVE-0-2020-12144)
Vulnerability from cvelistv5 – Published: 2020-05-05 19:54 – Updated: 2024-08-04 11:48
VLAI
Title
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated
Summary
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Severity
6 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.silver-peak.com/sites/default/files/a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator 3. EdgeConnect in AWS, Azure, GCP |
Affected:
All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator\u202f 3. EdgeConnect in AWS, Azure, GCP",
"vendor": "Silver Peak Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"descriptions": [
{
"lang": "en",
"value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T16:59:01.000Z",
"orgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"shortName": "Silver Peak"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Resolution \n\u2022\tChanges have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \n\n\u2022\tTLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. \n\nAny required configuration\n\u2022\tDo not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
},
{
"lang": "en",
"value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 003",
"discovery": "EXTERNAL"
},
"title": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@silver-peak.com",
"ID": "CVE-2020-12144",
"STATE": "PUBLIC",
"TITLE": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator\u202f 3. EdgeConnect in AWS, Azure, GCP",
"version": {
"version_data": [
{
"version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+",
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
}
]
},
"vendor_name": "Silver Peak Systems, Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf",
"refsource": "CONFIRM",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Resolution \n\u2022\tChanges have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \n\n\u2022\tTLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. \n\nAny required configuration\n\u2022\tDo not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
},
{
"lang": "en",
"value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"assignerShortName": "Silver Peak",
"cveId": "CVE-2020-12144",
"datePublished": "2020-05-05T19:54:00.000Z",
"dateReserved": "2020-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:58.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15133 (GCVE-0-2020-15133)
Vulnerability from cvelistv5 – Published: 2020-07-31 17:40 – Updated: 2024-08-04 13:08
VLAI
Title
Missing TLS certificate verification in Faye Websocket
Summary
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended.
Severity
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.jcoglan.com/2020/07/31/missing-tls-v… | x_refsource_MISC |
| https://github.com/faye/faye-websocket-ruby/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| faye | faye-websocket |
Affected:
< 0.11.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "faye-websocket",
"vendor": "faye",
"versions": [
{
"status": "affected",
"version": "\u003c 0.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T17:40:21.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
],
"source": {
"advisory": "GHSA-2v5c-755p-p4gv",
"discovery": "UNKNOWN"
},
"title": "Missing TLS certificate verification in Faye Websocket",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15133",
"STATE": "PUBLIC",
"TITLE": "Missing TLS certificate verification in Faye Websocket"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "faye-websocket",
"version": {
"version_data": [
{
"version_value": "\u003c 0.11.0"
}
]
}
}
]
},
"vendor_name": "faye"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/",
"refsource": "MISC",
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"name": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv",
"refsource": "CONFIRM",
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
]
},
"source": {
"advisory": "GHSA-2v5c-755p-p4gv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15133",
"datePublished": "2020-07-31T17:40:21.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15134 (GCVE-0-2020-15134)
Vulnerability from cvelistv5 – Published: 2020-07-31 17:40 – Updated: 2024-08-04 13:08
VLAI
Title
Missing TLS certificate verification in Faye
Summary
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory.
Severity
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/faye/faye/security/advisories/… | x_refsource_CONFIRM |
| https://blog.jcoglan.com/2020/07/31/missing-tls-v… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "faye",
"vendor": "faye",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T17:40:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
}
],
"source": {
"advisory": "GHSA-3q49-h8f9-9fr9",
"discovery": "UNKNOWN"
},
"title": "Missing TLS certificate verification in Faye",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15134",
"STATE": "PUBLIC",
"TITLE": "Missing TLS certificate verification in Faye"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "faye",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.0"
}
]
}
}
]
},
"vendor_name": "faye"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9",
"refsource": "CONFIRM",
"url": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9"
},
{
"name": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/",
"refsource": "MISC",
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
}
]
},
"source": {
"advisory": "GHSA-3q49-h8f9-9fr9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15134",
"datePublished": "2020-07-31T17:40:15.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15732 (GCVE-0-2020-15732)
Vulnerability from cvelistv5 – Published: 2021-06-22 14:50 – Updated: 2024-09-17 01:16
VLAI
Summary
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
Severity
6.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.bitdefender.com/support/security-advi… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Bitdefender | Total Security |
Affected:
unspecified , < 25.0.7.29
(custom)
|
|
| Bitdefender | Internet Security |
Affected:
unspecified , < 25.0.7.29
(custom)
|
|
| Bitdefender | Antivirus Plus |
Affected:
unspecified , < 25.0.7.29
(custom)
|
Date Public
2021-06-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Security",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "25.0.7.29",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Internet Security",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "25.0.7.29",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Antivirus Plus",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "25.0.7.29",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ollie Killean"
}
],
"datePublic": "2021-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T14:50:15.000Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to version 25.0.7.29 fixes the issue."
}
],
"source": {
"defect": [
"VA-8957"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2021-06-22T09:00:00.000Z",
"ID": "CVE-2020-15732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "25.0.7.29"
}
]
}
},
{
"product_name": "Internet Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "25.0.7.29"
}
]
}
},
{
"product_name": "Antivirus Plus",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "25.0.7.29"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ollie Killean"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to version 25.0.7.29 fixes the issue."
}
],
"source": {
"defect": [
"VA-8957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15732",
"datePublished": "2021-06-22T14:50:16.029Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:57.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2033 (GCVE-0-2020-2033)
Vulnerability from cvelistv5 – Published: 2020-06-10 17:29 – Updated: 2024-09-17 03:22
VLAI
Title
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
Summary
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.
Severity
5.3 (Medium)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2020-2033 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.1 , < 5.1.4
(custom)
Affected: 5.0 , < 5.0.10 (custom) |
Date Public
2020-06-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.1.4",
"status": "unaffected"
}
],
"lessThan": "5.1.4",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.0.10",
"status": "unaffected"
}
],
"lessThan": "5.0.10",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Tom Wyckhuys and Nabeel Ahmed from NTT Belgium for discovering and reporting this issue."
}
],
"datePublic": "2020-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the \u0027pre-login\u0027 user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T17:29:41.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2033"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10741"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-06-10T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie",
"workarounds": [
{
"lang": "en",
"value": "The impact of this vulnerability can be mitigated by decreasing the allowed timeout settings for the prelogon feature or disabling the feature in the GlobalProtect gateway."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2033",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.10"
},
{
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Tom Wyckhuys and Nabeel Ahmed from NTT Belgium for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the \u0027pre-login\u0027 user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-2033",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2033"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10741"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-06-10T00:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "The impact of this vulnerability can be mitigated by decreasing the allowed timeout settings for the prelogon feature or disabling the feature in the GlobalProtect gateway."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-2033",
"datePublished": "2020-06-10T17:29:41.793Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:22:58.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25680 (GCVE-0-2020-25680)
Vulnerability from cvelistv5 – Published: 2021-01-07 17:32 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1892703 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | JBCS httpd |
Affected:
JBCS httpd 2.4.37 SP5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBCS httpd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "JBCS httpd 2.4.37 SP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file\u0027s ID is \u0027unknown\u0027. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:32:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBCS httpd",
"version": {
"version_data": [
{
"version_value": "JBCS httpd 2.4.37 SP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file\u0027s ID is \u0027unknown\u0027. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25680",
"datePublished": "2021-01-07T17:32:50.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.