History: Feb 28, 2023 - 1:48 a.m.

Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2016-2108)

2023-02-28 01:48:51
Source: www.ibm.com
Tags: openssl, ibm b-type, san switches, directors, cve-2016-2108, fos, network advisor

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.895 High
Percentile: 98.8%

Summary

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors, which have addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2016-2108
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a buffer underflow when untrusted ASN.1 structures are deserialized and later reserialized. An attacker could exploit this vulnerability to corrupt memory, trigger an out-of-bounds write, and execute arbitrary code on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112853 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

FOS versions prior to 7.4.2

FOS versions prior to 8.1.0c

IBM Network Advisor versions prior to 14.0.2

Remediation/Fixes

Product| VRMF| Fix
---|---|---
FOS| 7.4.2| http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003855
FOS| 8.1.0c| http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577
IBM Network Advisor| 14.0.2| http://www-01.ibm.com/support/docview.wss?uid=ssg1S7005391

Workarounds and Mitigations

None

Affected configurations

Vulners node (vendor ibm, match any, entries combined with OR):

storage_protect
scale_out_network_attached_storage
ibm_san24b_series_switches_6.2.2g
san384b_fabric_backbone_(2499-192)
san06b-r_(2498-r06)
system_networking_switch_center
san768b_fabric_backbone_(2499-384)
