Vulnerability Name:

CVE-2021-23839 (CCN-196849)

Assigned:2021-02-16
Published:2021-02-16
Updated:2022-10-29
Summary:OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).
CVSS v3 Severity:3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-326
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-23839

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Source: XF
Type: UNKNOWN
openssl-cve202123839-weak-sec(196849)

Source: CONFIRM
Type: Broken Link
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547

Source: CONFIRM
Type: Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210219-0009/

Source: CCN
Type: IBM Security Bulletin 6427489 (Sterling Connect:Express for UNIX)
IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6428997 (SDK for Node.js for Bluemix)
Multiple vulnerabilities affect IBM SDK for Node.js in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6429433 (Rational ClearQuest)
Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Source: CCN
Type: IBM Security Bulletin 6434197 (MQ for HPE NonStop)
IBM MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841

Source: CCN
Type: IBM Security Bulletin 6439501 (WebSphere MQ)
WebSphere MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841

Source: CCN
Type: IBM Security Bulletin 6443405 (AIX)
Vulnerabilities in OpenSSL affect AIX (CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6452233 (Sterling Connect:Direct for HP NonStop)
Multiple OpenSSL Vulnerabilities Affect IBM Connect:Direct for HP NonStop

Source: CCN
Type: IBM Security Bulletin 6458259 (Aspera High-Speed Transfer Server (HSTS))
OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6458629 (Aspera High-Speed Transfer Server (HSTS))
OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6462927 (Rational ClearCase)
Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6463979 (Integration Bus)
Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise v11 (CVE-2021-23839, CVE-2021-23840)

Source: CCN
Type: IBM Security Bulletin 6472137 (Netcool/System Service Monitor)
Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Source: CCN
Type: IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6476346 (Security Verify Gateway)
Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products

Source: CCN
Type: IBM Security Bulletin 6479935 (MaaS360)
A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Source: CCN
Type: IBM Security Bulletin 6486335 (Cloud Private)
IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6487493 (c-type SAN directors and switches)
Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Source: CCN
Type: IBM Security Bulletin 6490371 (Aspera Shares)
Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6491653 (Security Verify Bridge)
ultiple vulnerabilities fixed in IBM Security Verify Bridge - Docker

Source: CCN
Type: IBM Security Bulletin 6507581 (InfoSphere Master Data Management)
IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6618941 (Aspera Faspex)
IBM Aspera Faspex 4.4.2 has addressed multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6952327 (Aspera Orchestrator)
IBM Aspera Orchestrator affected by OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: IBM Security Bulletin 6985591 (Safer Payments)
IBM Safer Payments is vulnerable to multiple OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Source: CCN
Type: OpenSSL Security Advisory [16 February 2021]
OpenSSL Security Advisory [16 February 2021]

Source: CONFIRM
Type: Vendor Advisory
https://www.openssl.org/news/secadv/20210216.txt

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: Trustwave SpiderLabs Security Advisory TWSL2021-003
Incorrect SSLv2 rollback protection Vulnerability in OpenSSL

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openssl:openssl:*:*:*:*:*:*:*:* (Version >= 1.0.2s and <= 1.0.2x)

    • Configuration 2:
  • cpe:/a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:20.3.1.2:*:*:*:community:*:*:*
  • OR cpe:/a:oracle:graalvm:21.0.0.2:*:*:*:community:*:*:*
  • OR cpe:/a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*

    • Configuration 3:
  • cpe:/a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:siemens:sinec_ins:*:*:*:*:*:*:*:* (Version < 1.0)
  • OR cpe:/a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:netcool/system_service_monitor:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:express:1.5.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_for_hpe_nonstop:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_console:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_shares:1.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_faspex:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:safer_payments:6.1.0.00:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:safer_payments:6.2.0.00:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:safer_payments:5.7.0.00:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:safer_payments:6.0.0.00:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openssl openssl *
    oracle business intelligence 12.2.1.3.0
    oracle jd edwards world security a9.4
    oracle business intelligence 12.2.1.4.0
    oracle business intelligence 5.5.0.0.0
    oracle enterprise manager for storage management 13.4.0.0
    oracle enterprise manager ops center 12.4.0.0
    oracle zfs storage appliance kit 8.8
    oracle graalvm 19.3.5
    oracle graalvm 20.3.1.2
    oracle graalvm 21.0.0.2
    oracle business intelligence 5.9.0.0.0
    siemens sinec ins 1.0 sp1
    siemens sinec ins *
    siemens sinec ins 1.0 -
    openssl openssl 1.0.2
    ibm aix 7.1
    ibm rational clearcase 8.0.1
    ibm rational clearcase 8.0.0
    ibm websphere mq 5.3.1
    ibm infosphere master data management 11.5
    ibm netcool/system service monitor 4.0.1
    ibm aix 7.2
    ibm infosphere master data management 11.6
    ibm rational rhapsody design manager 6.0.2
    ibm rational clearquest 9.0.1
    ibm rational clearcase 9.0.1
    ibm sterling connect:express 1.5.0
    ibm integration bus 10.0.0
    ibm app connect 11.0.0.0
    ibm vios 3.1
    ibm mq for hpe nonstop 8.1.0
    ibm mq for hpe nonstop 8.0.4
    ibm aspera console 3.4.0
    ibm aspera shares 1.9.14
    ibm cloud private 3.2.1 cd
    ibm rational clearquest 9.0.0
    ibm rational clearquest 9.0.2
    ibm cloud private 3.2.2 cd
    ibm aspera faspex 4.4.1
    ibm safer payments 6.1.0.00
    ibm safer payments 6.2.0.00
    ibm safer payments 5.7.0.00
    ibm safer payments 6.0.0.00