4.3
CVSSv2

CVE-2021-23841

Published: 16/02/2021 Updated: 20/10/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Nessus Agent versions 7.2.0 up to and including 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged malicious user to obtain the token. Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the provider. Nessus Agent version 8.2.3 will update OpenSSL to 1.1.1j.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

debian debian linux 10.0

tenable nessus network monitor 5.11.0

tenable nessus network monitor 5.11.1

tenable nessus network monitor 5.12.0

tenable nessus network monitor 5.12.1

tenable nessus network monitor 5.13.0

tenable tenable.sc

apple safari

apple ipad os

apple iphone os

apple macos

netapp oncommand insight -

netapp oncommand workflow automation -

netapp snapcenter -

oracle enterprise manager ops center 12.4.0.0

oracle graalvm 19.3.5

oracle graalvm 20.3.1.2

oracle graalvm 21.0.0.2

oracle mysql enterprise monitor

oracle mysql server

Vendor Advisories

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service Additional details can be found in the upstr ...
The z/TPF version of OpenSSL was updated to address the vulnerabilities described by CVE-2021-23840 and CVE-2021-23841 ...
OpenSSL vulnerabilities were disclosed on December 8, 2020 and February 16, 2021 by the OpenSSL Project OpenSSL, used by the IBM Spectrum Protect Backup-Archive Client for network connections with NetApp services, has addressed the applicable CVEs ...
Arch Linux Security Advisory ASA-202102-42 ========================================== Severity: Medium Date : 2021-02-27 CVE-ID : CVE-2021-23840 CVE-2021-23841 Package : openssl Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1581 Summary ======= The package openssl before version 111j-1 is vulnerable ...
IBM MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841 ...
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed) This m ...
IBM Connect:Direct for HP NonStop is affected by OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841 OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash ...
Nessus Agent versions 720 through 822 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance This could allow a privileged attacker to obtain the token Additionally, one third-party component (OpenSSL) was found to contain vulnerabi ...
Tenablesc and Tenablesc Core versions 5130 through 5170 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenablesc server via Hypertext Preprocessor unserialization Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, ...
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID when possible ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Nessus Network Monitor leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to a ...
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2020-1971, CVE-2021-3393, CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-5 Safari 1411 Safari 1411 addresses the following issues Information about the security content is also available at supportapplecom/HT212534 WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbi ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-1 iOS 146 and iPadOS 146 iOS 146 and iPadOS 146 addresses the following issues Information about the security content is also available at supportapplecom/HT212528 Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th gen ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-2 macOS Big Sur 114 macOS Big Sur 114 addresses the following issues Information about the security content is also available at supportapplecom/HT212529 AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application terminat ...

Github Repositories

CVE-2021-23841 Proof-of-Concept (PoC) script to exploit CVE-2021-23841 Usage Achieves exploitation of CVE-2021-23841 chmod +x CVE-2021-23841sh sudo /CVE-2021-23841sh -c <TargetIP> sudo /CVE-2021-23841sh -l <ListoFIPs>

CVE-2021-23841 Exploit The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed) This may subs

Catlin Vulnerability Scanner This can be used to scan vulnerability in Tekton Tasks What is Trivy? Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System Trivy detects vulnerabi

TASSL-111k 新版本特性 1、基于开源openssl111k修改。相较于之前基于openssl111b版本的tassl,修复了以下漏洞: CVE-2019-1543 CVE-2019-1552 CVE-2019-1563 CVE-2019-1547 CVE-2019-1549 CVE-2020-1967 CVE-2020-1971 CVE-2021-23840 CVE-2021-23839 CVE-2021-23841 CVE-2021-3449 CVE-2021-3450 CVE-2021-3711 2、支持RFC 8998 ShangMi (SM) Cipher Suites for TLS