CVE-2019-5101

{"id": "CVE-2019-5101", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-11-18T18:15:09.960", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n explotable en la biblioteca ustream-ssl de OpenWrt, versiones 18.06.4 y 15.05.1. Cuando se conecta a un servidor remoto, se comprueba el certificado SSL del servidor, pero no se toman medidas cuando el certificado no es v\u00e1lido. Un atacante podr\u00eda explotar este comportamiento al realizar un ataque de tipo man-in-the-middle, proporcionando cualquier certificado, conllevando al robo de todos los datos enviados por el cliente durante la primera petici\u00f3n. Despu\u00e9s de que una conexi\u00f3n SSL se inicializa por medio de _ustream_ssl_init, y despu\u00e9s de que cualquier dato (por ejemplo, la petici\u00f3n HTTP del cliente) se escribe en la secuencia usando ustream_printf, el c\u00f3digo eventualmente ingresa a la funci\u00f3n __ustream_ssl_poll, que es usada para enviar los eventos de lectura/escritura."}], "lastModified": "2024-11-21T04:44:21.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openwrt:openwrt:15.05.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C12D102-0761-4DEE-A85B-39D9941A312A"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:18.06.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12476A0C-9F25-4BAC-8C37-6C40D4C9CD93"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}