CVE-2021-3449 | Severity.io

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Related CPE's

Vulnerable

o

debian

debian_linux

2

o

freebsd

freebsd

3

active_iq_unified_manager

Vulnerable

cloud_volumes_ontap_mediator

Vulnerable

e-series_performance_analyzer

Vulnerable

oncommand_insight

Vulnerable

oncommand_workflow_automation

Vulnerable

ontap_select_deploy_administration_utility

Vulnerable

santricity_smi-s_provider

Vulnerable

Vulnerable

Vulnerable

log_correlation_engine

Vulnerable

Vulnerable

a

tenable

nessus_network_monitor

5

Vulnerable

Vulnerable

a

mcafee

web_gateway

3

a

mcafee

web_gateway_cloud_service

3

o

checkpoint

quantum_security_management_firmware

2

quantum_security_management

o

checkpoint

multi-domain_management_firmware

2

multi-domain_management

o

checkpoint

quantum_security_gateway_firmware

2

quantum_security_gateway

communications_communications_policy_management

Vulnerable

enterprise_manager_for_storage_management

Vulnerable

Vulnerable

a

oracle

graalvm

3

jd_edwards_enterpriseone_tools

Vulnerable

jd_edwards_world_security

Vulnerable

mysql_connectors

Vulnerable

a

oracle

mysql_server

2

mysql_workbench

Vulnerable

a

oracle

peoplesoft_enterprise_peopletools

3

a

oracle

primavera_unifier

4

Vulnerable

secure_global_desktop

Vulnerable

zfs_storage_appliance_kit

Vulnerable

sma100_firmware

Vulnerable

Vulnerable

Vulnerable

ruggedcom_rcm1224_firmware

Vulnerable

ruggedcom_rcm1224

scalance_lpe9403_firmware

Vulnerable

scalance_lpe9403

scalance_m-800_firmware

Vulnerable

scalance_s602_firmware

Vulnerable

scalance_s612_firmware

Vulnerable

scalance_s615_firmware

Vulnerable

scalance_s623_firmware

Vulnerable

scalance_s627-2m_firmware

Vulnerable

scalance_s627-2m

scalance_sc-600_firmware

Vulnerable

scalance_sc-600

scalance_w700_firmware

Vulnerable

scalance_w1700_firmware

Vulnerable

scalance_xb-200_firmware

Vulnerable

scalance_xb-200

scalance_xc-200

scalance_xc-200_firmware

Vulnerable

scalance_xf-200ba

scalance_xf-200ba_firmware

Vulnerable

scalance_xm-400

scalance_xm-400_firmware

Vulnerable

scalance_xp-200

scalance_xp-200_firmware

Vulnerable

scalance_xr-300wg

scalance_xr-300wg_firmware

Vulnerable

scalance_xr524-8c

scalance_xr524-8c_firmware

Vulnerable

scalance_xr526-8c

scalance_xr526-8c_firmware

Vulnerable

scalance_xr528-6m

scalance_xr528-6m_firmware

Vulnerable

scalance_xr552-12_firmware

Vulnerable

scalance_xr552-12

o

siemens

simatic_cloud_connect_7_firmware

2

simatic_cloud_connect_7

o

siemens

simatic_cp_1242-7_gprs_v2_firmware

2

simatic_cp_1242-7_gprs_v2

simatic_hmi_basic_panels_2nd_generation_firmware

Vulnerable

simatic_hmi_basic_panels_2nd_generation

simatic_hmi_comfort_outdoor_panels_firmware

Vulnerable

simatic_hmi_comfort_outdoor_panels

simatic_hmi_ktp_mobile_panels_firmware

Vulnerable

simatic_hmi_ktp_mobile_panels

simatic_mv500_firmware

Vulnerable

simatic_net_cp_1243-1_firmware

Vulnerable

simatic_net_cp_1243-1

simatic_net_cp1243-7_lte_eu_firmware

Vulnerable

simatic_net_cp1243-7_lte_eu

simatic_net_cp1243-7_lte_us_firmware

Vulnerable

simatic_net_cp1243-7_lte_us

simatic_net_cp_1243-8_irc_firmware

Vulnerable

simatic_net_cp_1243-8_irc

simatic_net_cp_1542sp-1_irc_firmware

Vulnerable

simatic_net_cp_1542sp-1_irc

simatic_net_cp_1543-1_firmware

Vulnerable

simatic_net_cp_1543-1

simatic_net_cp_1543sp-1_firmware

Vulnerable

simatic_net_cp_1543sp-1

simatic_net_cp_1545-1_firmware

Vulnerable

simatic_net_cp_1545-1

simatic_pcs_7_telecontrol_firmware

Vulnerable

simatic_pcs_7_telecontrol

simatic_pcs_neo_firmware

Vulnerable

simatic_pcs_neo

simatic_pdm_firmware

Vulnerable

simatic_process_historian_opc_ua_server_firmware

Vulnerable

simatic_process_historian_opc_ua_server

simatic_rf166c_firmware

Vulnerable

simatic_rf185c_firmware

Vulnerable

simatic_rf186c_firmware

Vulnerable

simatic_rf186ci_firmware

Vulnerable

simatic_rf186ci

simatic_rf188c_firmware

Vulnerable

simatic_rf188ci_firmware

Vulnerable

simatic_rf188ci

simatic_rf360r_firmware

Vulnerable

simatic_s7-1200_cpu_1211c_firmware

Vulnerable

simatic_s7-1200_cpu_1211c

simatic_s7-1200_cpu_1212c_firmware

Vulnerable

simatic_s7-1200_cpu_1212c

simatic_s7-1200_cpu_1212fc_firmware

Vulnerable

simatic_s7-1200_cpu_1212fc

o

siemens

simatic_s7-1200_cpu_1214_fc_firmware

2

h

siemens

simatic_s7-1200_cpu_1214_fc

2

simatic_s7-1200_cpu_1214c_firmware

Vulnerable

simatic_s7-1200_cpu_1214c

simatic_s7-1200_cpu_1215_fc_firmware

Vulnerable

simatic_s7-1200_cpu_1215_fc

simatic_s7-1200_cpu_1215c_firmware

Vulnerable

simatic_s7-1200_cpu_1215c

simatic_s7-1200_cpu_1217c_firmware

Vulnerable

simatic_s7-1200_cpu_1217c

simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware

Vulnerable

simatic_s7-1500_cpu_1518-4_pn\/dp_mfp

sinamics_connect_300_firmware

Vulnerable

sinamics_connect_300

tim_1531_irc_firmware

Vulnerable

a

siemens

simatic_logon

2

simatic_wincc_runtime_advanced

Vulnerable

simatic_wincc_telecontrol

Vulnerable

a

siemens

sinec_nms

2

Vulnerable

a

siemens

sinema_server

5

sinumerik_opc_ua_server

Vulnerable

tia_administrator

Vulnerable

sinec_infrastructure_network_services

Vulnerable

a

nodejs

node.js

7

References

http://www.openwall.com/lists/oss-security/2021/03/27/1

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/27/2

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/28/3

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/28/4

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

PatchThird Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10356

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc

Third Party Advisory

https://security.gentoo.org/glsa/202103-03

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210326-0006/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210513-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240621-0006/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

Third Party Advisory

https://www.debian.org/security/2021/dsa-4875

Third Party Advisory

https://www.openssl.org/news/secadv/20210325.txt

Vendor Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

https://www.tenable.com/security/tns-2021-05

Third Party Advisory

https://www.tenable.com/security/tns-2021-06

Third Party Advisory

https://www.tenable.com/security/tns-2021-09

Third Party Advisory

https://www.tenable.com/security/tns-2021-10

Third Party Advisory

Weaknesses

[email protected]

Primary

CWE-476

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.9 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-25T15:15:13.450

4 years ago

Last modified

2024-06-21T19:15:19.710

10 months ago