Improper Certificate Validation in MatrixSSL - CVE-2017-1000415
Published: January 9, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU37694
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-1000415
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: InsideSecure
Affected software:
MatrixSSL
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years.
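For reference, the RFC 5280 rule for two-digit UTCTime years and a validity-window check built on it, as an added example. It is not MatrixSSL code and not a reconstruction of its defect; the struct and function names are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Illustrative names throughout; this is not MatrixSSL code. */
struct cert_time { int year, mon, day, hour, min, sec; };

static int two_digits(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Parse an X.509 UTCTime in the RFC 5280 profile, exactly "YYMMDDHHMMSSZ".
 * Returns 0 on success, -1 on malformed input. */
int parse_utctime(const char *s, struct cert_time *out)
{
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int i, yy, leap;

    if (strlen(s) != 13 || s[12] != 'Z') return -1;
    for (i = 0; i < 12; i++)
        if (!isdigit((unsigned char)s[i])) return -1;

    /* RFC 5280 4.1.2.5.1: YY >= 50 is 19YY, YY < 50 is 20YY. */
    yy = two_digits(s);
    out->year = (yy >= 50) ? 1900 + yy : 2000 + yy;
    out->mon  = two_digits(s + 2);
    out->day  = two_digits(s + 4);
    out->hour = two_digits(s + 6);
    out->min  = two_digits(s + 8);
    out->sec  = two_digits(s + 10);

    if (out->mon < 1 || out->mon > 12) return -1;
    leap = (out->year % 4 == 0 && out->year % 100 != 0) || out->year % 400 == 0;
    if (out->day < 1 || out->day > mdays[out->mon - 1] + (out->mon == 2 && leap)) return -1;
    if (out->hour > 23 || out->min > 59 || out->sec > 59) return -1;
    return 0;
}

/* Collapse a timestamp into one sortable integer (YYYYMMDDHHMMSS). */
static long long sort_key(const struct cert_time *t)
{
    return ((((t->year * 100LL + t->mon) * 100 + t->day) * 100 + t->hour) * 100
            + t->min) * 100 + t->sec;
}

/* 1 if notBefore <= now <= notAfter, 0 if outside, -1 if a field is malformed. */
int validity_ok(const char *not_before, const char *not_after, const struct cert_time *now)
{
    struct cert_time nb, na;
    if (parse_utctime(not_before, &nb) != 0 || parse_utctime(not_after, &na) != 0)
        return -1;
    return sort_key(&nb) <= sort_key(now) && sort_key(now) <= sort_key(&na);
}
```

With this mapping a notAfter of `991231235959Z` is read as 1999 and fails the check for any current date, so a regression test for a patched build can assert exactly that outcome.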
How to mitigate CVE-2017-1000415
Install update from vendor's website.