Multiple vulnerabilities in IBM FOS Firmware
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2016-6306 CVE-2016-2183 CVE-2016-6304 CVE-2016-7052 CVE-2016-6309 CVE-2016-2181 CVE-2016-6308 CVE-2016-6307 CVE-2016-2179 CVE-2016-2178 CVE-2016-2177 CVE-2016-2180 CVE-2016-2182 CVE-2016-6303 CVE-2016-6305 CVE-2016-6302 |
| CWE-ID | CWE-125 CWE-327 CWE-400 CWE-476 CWE-416 CWE-20 CWE-399 CWE-203 CWE-119 CWE-494 CWE-787 CWE-122 CWE-371 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Network Advisor Other software / Other software solutions FOS Firmware Hardware solutions / Firmware |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU816
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6306
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU370
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-2183
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Resource exhaustion
EUVDB-ID: #VU646
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6304
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Missing CRL sanity check
EUVDB-ID: #VU660
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7052
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to incorrect implementation of CRL sanity check in version 1.0.2i. Any attempt to use CRLs results in null pointe exception and crashes the process.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use after free error
EUVDB-ID: #VU661
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6309
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionA remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to incorrect implementation of patch for vulnerability CVE-2016-6307. A remote attacker can send a specially crafted message larger than 16 kilobytes and reallocated the buffer, intended to store the message, and then use the dangling pointer to control execution flaw.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU1975
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2181
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Anti-Replay feature in the DTLS implementation when using a new epoch number in conjunction with a large sequence number. A remote attacker can perform a denial of service (DoS) attack (false-positive packet drops) via spoofed DTLS records.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Denial of service
EUVDB-ID: #VU818
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6308
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability will allow a malicious user to trigger the vulnerable service to deny.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Denial of service
EUVDB-ID: #VU817
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6307
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remore unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability allows a malicious user to cause the vulnerably system deny.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU1974
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2179
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in the Datagram TLS (DTLS) implementation. A remote attacker can initiate and maintain multiple crafted DTLS sessions simultaneously and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Observable discrepancy
EUVDB-ID: #VU1589
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2178
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform timing attack.
The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow in ssl3_get_client_hello()
EUVDB-ID: #VU24
Risk: Medium
CVSSv3.1: 4.6 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU308
Risk: Medium
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2180
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU1968
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2182
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the BN_bn2dec() function in crypto/bn/bn_print.c in OpenSSL. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Denial of service
EUVDB-ID: #VU815
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6303
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is caused by integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c'. By using large ammounts of input data attackers are able to trigger error in input length validation that leads to crash of the affected service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Denial of service
EUVDB-ID: #VU645
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6305
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to trigger denial of service on the target system.
The weakness exists due to state error. By sendidng specially crafted files attackers can cause a flaw in SSL_peek() that may lead to the affected service hanging.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU814
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6302
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when handling SHA512 TLS session tickets. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsNetwork Advisor: before 14.0.2
FOS Firmware: before 8.01c
External linkshttp://www.ibm.com/support/pages/node/697953
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
