MitM attack in OpenSSL

1) Carry propagation issue

EUVDB-ID: #VU9109

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3736

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt data.

The vulnerability exists due to carry propagating bug in the x86_64 Montgomery squaring procedure (bn_sqrx8x_internal). A remote attacker can decrypt encrypted data. The vulnerability affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Mitigation

Update to version 1.0.2m or 1.1.0g.

Vulnerable software versions

OpenSSL: 1.0.2 - 1.1.0f

CPE2.3

• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2h:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2l:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2k:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2a:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2i:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2j:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2g:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2f:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:1.0.2e:*:*:*:*:*:*:*

External links

https://www.openssl.org/news/secadv/20171102.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.