VDB
CVE-2016-2176
CVE-2016-2176
PUBLISHED
Es existieren mehrere Schwachstellen in OpenSSL im Zusammenhang mit ASN.1 (Abstract Syntax Notation One). Diese Schwachstellen beruhen darauf, dass die ASN.1-Daten nicht ordnungsgemäß überprüft und verarbeitet werden. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Angriff durchzuführen, beliebigen Programmcode auf dem System auszuführen oder sensible Informationen auszuspähen.
EPSS 6.78% · 91.5th percentile
Risk Scores
EPSS Score
6.78%
91.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux Desktop 7 | |
| Cisco | Cisco Media Experience Engine (MXE) | |
| SUSE | SUSE Linux Enterprise Server 11 SP4 | |
| Cisco | Cisco MDS 9000 | |
| Cisco | Cisco Digital Media Manager | |
| SUSE | SUSE Linux Enterprise Desktop 12 SP1 | |
| Open Source | Open Source OpenSSL <1.0.2h | |
| F5 | F5 BIG-IP Application Security Manager 10.2.1-10.2.4 | |
| Ubuntu | Ubuntu Linux 15.10 | |
| SUSE | SUSE Linux Enterprise Server 11 SP2 LTSS | |
| Blue Coat | Blue Coat ProxyAV 3.5 | |
| Juniper | Juniper Junos Space | |
| Cisco | Cisco TelePresence Server | |
| SUSE | SUSE Linux Enterprise Desktop 12 | |
| Cisco | Cisco Packet Tracer | |
| F5 | F5 BIG-IP Application Security Manager 12.0.0 | |
| F5 | F5 BIG-IP Local Traffic Manager 12.0.0 | |
| Open Source | Open Source OpenSSL <1.0.1t | |
| F5 | F5 WAN Optimization Manager 10.2.1-10.2.4 | |
| NetApp | NetApp OnCommand Unified Manager |
…and 62 more
Exploit Intelligence
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
…and 777 more exploits
Timeline
- CVE Published
- May 3, 2016 PoC Published
- Oct 2, 2020 PoC Published
- Nov 6, 2020 PoC Published
- Sep 6, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 17, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Nov 17, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0215.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0215 advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161228-1.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161233-1.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161206-1.html advisory
- https://www.debian.org/security/2016/dsa-3566 advisory
- http://www.ubuntu.com/usn/usn-2959-1/ advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161231-1.html advisory
- https://www.openssl.org/news/secadv/20160503.txt advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl advisory
- http://www.arista.com/en/support/advisories-notices/security-advisories/1334-security-advisory-20 advisory
- https://support.f5.com/kb/en-us/solutions/public/k/23/sol23230229.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161267-1.html advisory
- https://bto.bluecoat.com/security-advisory/sa123 advisory
- https://rhn.redhat.com/errata/RHSA-2016-0996.html advisory
- https://rhn.redhat.com/errata/RHSA-2016-0722.html advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161360-1.html advisory
- https://support.f5.com/kb/en-us/solutions/public/k/36/sol36488941.html advisory
…and 35 more