IBM75595D2C66B66B6E1460025EB95D183F82EF3139ABFC9229C936E32133CF250ESecurity Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
Summary
Vulnerabilities contained within Open VPN (a 3rd party component) and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty (a 3rd party component) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG).
Vulnerability Details
CVEID:CVE-2023-36478
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268413 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-44487
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-41900
**DESCRIPTION:**Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested LoginService. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266185 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
CVEID:CVE-2023-40167
**DESCRIPTION:**Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-36479
**DESCRIPTION:**Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the org.eclipse.jetty.servlets.CGI Servlet. A remote authenticated attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266435 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2023-34462
**DESCRIPTION:**Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a specially crafted client hello packet, a remote authenticated attacker could exploit this vulnerability to cause a OutOfMemoryError and so result in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258713 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-4807
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. A local authenticated attacker could exploit this vulnerability to cause an incorrect result of some application dependent calculations or a crash or in some cases gain complete control of the application process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-46849
**DESCRIPTION:**OpenVPN is vulnerable to a denial of service, caused by a divide by zero flaw. By using the --fragment option in certain configuration setups, a remote attacker could exploit this vulnerability to cause an application crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-46850
**DESCRIPTION:**OpenVPN could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free flaw. By sending specially crafted network buffers to a remote peer, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271742 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-5363
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the initialisation of some symmetric ciphers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269418 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MaaS360 Cloud Extender Agent | 3.000.250.023 and prior |
| IBM MaaS360 Mobile Enterprise Gateway | 3.000.300 and prior |
| IBM MaaS360 VPN | 3.000.200 and prior |
Remediation/Fixes
- IBM strongly recommends customers update their systems promptly.
-
- 1. Update the IBM MaaS360 Cloud Extender to version 3.000.300.025 or greater.
- 2. Apply the IBM MaaS360 IBM MaaS360 Mobile Enterprise Gateway and VPN Modules to version 3.000.400 or greater.
- The latest Cloud Extender Agent is available within the MaaS360 Administrator Portal.
- Instructions to upgrade the Agent and modules are located on this IBM Documentation page.
- Instructions to upgrage the Mobile Enterprise Gateway and VPN modules are located on this IBM Documentation page.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm maas360 | eq | 3.000.700 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%