CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
55.1%
The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below.
CVEID:CVE-2023-0466
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509_VERIFY_PARAM_add0_policy function. By using invalid certificate policies, an attacker could exploit this vulnerability to bypass certificate verification.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251307 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-0465
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw when using a non-default option to verify certificates. By using invalid certificate policies in leaf certificates, an attacker could exploit this vulnerability to bypass policy checking.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251293 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
FOS | 9.X |
Fixed Product | Version(s) |
---|---|
FOS | 9.1.1d, 9.2.0b, 9.2.1 |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
55.1%