IBMF7E7A8F78A090F5DE5897BC400BE414DEF7C5BF0B779EF44777FECCD7B97EFB0Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.9%
Summary
The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below.
Vulnerability Details
CVEID:CVE-2023-2650
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| FOS | 9.X |
Remediation/Fixes
| Fixed Product | Version(s) |
|---|---|
| FOS | 9.1.1d, 9.2.0b, 9.2.1 |
Workarounds and Mitigations
Affected configurations
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.9%