The version of OpenSSL installed on the remote host is prior to 3.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.12 advisory.

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

OpenSSL 3.0.0 < 3.0.12 Multiple Vulnerabilities

high Nessus Plugin ID 183891

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.5 Oct 7, 2024, 1:27 PM Plugin categorization (adding new 'component' to component plugins) Plugin Feed: 202410071327
Version 1.4 Jun 7, 2024, 4:47 PM CVE (set "CVE" coverage to "CVE-2023-5363,CVE-2023-6129") Plugin metadata Plugin Feed: 202406071647
Version 1.3 Mar 8, 2024, 6:26 PM IAVM reference Plugin Feed: 202403081826
Version 1.2 Nov 10, 2023, 2:22 PM CVSSv2 severity (based on CVE-2023-5363, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") CVSS metrics ("CVSSv2 score" set to 7.8. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N". "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N". "CVSSv3 score" set to 7.5) Plugin Feed: 202311101422
Version 1.1 Oct 27, 2023, 12:17 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202310271217
Version 1.1 Nov 10, 2023, 12:32 PM CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N") CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") CVSS metrics ("CVSSv2 score" set to 7.8) CVSSv2 severity (based on CVE-2023-5363, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") CVSS metrics ("CVSSv3 score" set to 7.5) Plugin Feed: 202311101232
Version 1.0 Oct 26, 2023, 4:13 AM New Plugin Feed: 202310260413