Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2021-3450

Published: 25/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

freebsd freebsd 12.2

netapp santricity_smi-s_provider_firmware -

netapp storagegrid_firmware -

windriver linux -

windriver linux 18.0

windriver linux 19.0

windriver linux 17.0

netapp oncommand workflow automation -

netapp storagegrid -

netapp ontap select deploy administration utility -

netapp cloud volumes ontap mediator -

fedoraproject fedora 34

tenable nessus agent

tenable nessus

tenable nessus network monitor 5.11.1

tenable nessus network monitor 5.12.0

tenable nessus network monitor 5.12.1

tenable nessus network monitor 5.13.0

tenable nessus network monitor 5.11.0

oracle jd edwards world security a9.4

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle enterprise manager for storage management 13.4.0.0

oracle secure global desktop 5.6

oracle graalvm 20.3.1.2

oracle graalvm 21.0.0.2

oracle graalvm 19.3.5

oracle mysql server

oracle mysql workbench

oracle commerce guided search 11.3.2

oracle mysql connectors

oracle jd edwards enterpriseone tools

oracle mysql enterprise monitor

oracle secure backup

oracle peoplesoft enterprise peopletools

mcafee web gateway cloud service 10.1.1

mcafee web gateway cloud service 9.2.10

mcafee web gateway cloud service 8.2.19

mcafee web gateway 10.1.1

mcafee web gateway 9.2.10

mcafee web gateway 8.2.19

sonicwall sma100_firmware

sonicwall sonicos

sonicwall email security

sonicwall capture client

nodejs node.js

Vendor Advisories

Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: CVE-2021-3450
A flaw was found in openssl The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed The highest threat from this vulnerability is to data confidentiality and integrity ...
Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or devic ...
Amazon Linux 2: ALAS-2024-2502
A null pointer dereference flaw was found in openssl A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service The highest threat from this vulnerability is to system availability (CVE-2020-1971) Calls to EVP_CipherUpdate, EVP_En ...
Amazon Linux 2: ALAS2-2021-1622
A flaw was found in openssl A server crash and denial of service attack could occur if a client sends a TLSv12 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension The highest threat from this vulnerability is to system availability (CVE-2021-3449) A flaw was found in openssl ...
Arch Linux Issues:
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain It is not set by default Starting from OpenSSL version 111h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check An error in the impleme ...
Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the poten ...
Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to a ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2020-1971, CVE-2021-3393, CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy

Github Repositories

https://github.com/ARPSyndicate/puncia

The Panthera(P.)uncia of Cybersecurity - Subdomain & Exploit Hunter powered by AI

The Panthera(P)uncia of Cybersecurity Subdomain & Exploit Hunter powered by AI Puncia utilizes two of our intelligent APIs - Subdomain Center & Exploit Observer, to gather the results Please note that although these results can sometimes be pretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement cap

Recent Articles

OpenSSL shuts down two high-severity bugs: Flaws enable cert shenanigans, denial-of-service attacks
The Register • Thomas Claburn in San Francisco • 25 Mar 2021

Debian, Ubuntu ahead of the curve in patching at least – don't be late yourself How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well

Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others. The first flaw, a certificate check bypass (CVE-2021-3450), arose as a result of code implemented in v1.1.1h to pe...

Read more...

References

CWE-295https://www.openssl.org/news/secadv/20210325.txthttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJdhttps://security.netapp.com/advisory/ntap-20210326-0006/https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.aschttp://www.openwall.com/lists/oss-security/2021/03/27/1http://www.openwall.com/lists/oss-security/2021/03/27/2http://www.openwall.com/lists/oss-security/2021/03/28/3http://www.openwall.com/lists/oss-security/2021/03/28/4https://security.gentoo.org/glsa/202103-03https://www.tenable.com/security/tns-2021-05https://www.tenable.com/security/tns-2021-08https://kc.mcafee.com/corporate/index?page=content&id=SB10356https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.htmlhttps://www.tenable.com/security/tns-2021-09https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63bhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/https://access.redhat.com/errata/RHSA-2022:0056https://nvd.nist.govhttps://github.com/ARPSyndicate/punciahttps://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09https://access.redhat.com/security/cve/cve-2021-3450https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316SQL injectiontype confusionCVE-2024-20697CVE-2024-4344localCVE-2024-30043CVE-2024-3821CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook