CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

EPSS Percentile: 98.1%

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs.
CVEID: CVE-2016-0705
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0797
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0799
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory error in the BIO_printf() functions. An attacker could exploit this vulnerability using specially crafted data to trigger an out-of-bounds read.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111143 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0702
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0703
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to enforce that a clear-key-length value is 0 for non-export ciphers by the SSLv2 s2_srvr.c code. When clear-key bytes displace encrypted-key bytes, an attacker could exploit this vulnerability to conduct a divide-and-conquer key recovery attack.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2016-0704
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions. The s2_srvr.c code overwrites the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. An attacker could exploit this vulnerability using a Bleichenbacher oracle to decrypt sessions.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-2842
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to verify that a certain memory allocation succeeds by the doapr_outch function. A remote attacker could exploit this vulnerability using a specially crafted string to cause an out-of-bounds write or consume an overly large amount of resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111304 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM Network Advisor prior to 14.0.2 and FOS firmware prior to 7.4.1d
Fixes are contained in the following releases:
Network Advisor 14.0.2
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621
FOS 7.4.1d
<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003855>
FOS 8.0.1b
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_storage_networking_san512b-6 | any | cpe:2.3:a:ibm:ibm_storage_networking_san512b-6:any:*:*:*:*:*:*:* |
ibm | scale_out_network_attached_storage | any | cpe:2.3:h:ibm:scale_out_network_attached_storage:any:*:*:*:*:*:*:* |
ibm | ibm_storage_networking_san24b-5 | any | cpe:2.3:a:ibm:ibm_storage_networking_san24b-5:any:*:*:*:*:*:*:* |
ibm | ibm_storage_networking_san256b-6_\(8961-f04\) | any | cpe:2.3:a:ibm:ibm_storage_networking_san256b-6_\(8961-f04\):any:*:*:*:*:*:*:* |
ibm | ibm_storage_networking_san32b-e4 | any | cpe:2.3:a:ibm:ibm_storage_networking_san32b-e4:any:*:*:*:*:*:*:* |
ibm | san64b-6_switch_\(8960-f64-n64\) | any | cpe:2.3:a:ibm:san64b-6_switch_\(8960-f64-n64\):any:*:*:*:*:*:*:* |