The version of edk2 / hvloader / cloud-hypervisor / rust / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory.

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13025 advisory.

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (e.g.
    CERTIFICATE), any header data and the payload data. If the function succeeds then the name_out,     header and data arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13024 advisory.

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (e.g.
    CERTIFICATE), any header data and the payload data. If the function succeeds then the name_out,     header and data arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - A security vulnerability has been identified in all supported versions of OpenSSL related to the     verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit     this vulnerability by creating a malicious certificate chain that triggers exponential use of     computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy     processing is disabled by default but can be enabled by passing the `-policy' argument to the command line     utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0464)

  - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from     a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are     silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A     malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent     policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled     by passing the `-policy' argument to the command line utilities or by calling the     `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0465)

  - The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy     check when doing certificate verification. However the implementation of the function does not enable the     check which allows certificates with invalid or incorrect policies to pass the certificate verification.
    As suddenly enabling the policy check could break existing deployments it was decided to keep the existing     behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to     perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the     policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
    Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
    (CVE-2023-0466)

  - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be     very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL     subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to     very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT     IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.
    OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the     OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT     IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER     is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the     translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n'     being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic     algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs     in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be     received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to     specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest     passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any     version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In     OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts     anything that processes X.509 certificates, including simple things like verifying its signature. The     impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's     certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client     authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509     certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so     these versions are considered not affected by this issue in such a way that it would be cause for concern,     and the severity is therefore considered low. (CVE-2023-2650)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check'     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the nxtgn package has been released.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-19 advisory.

  - Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of     the third-party components (OpenSSL, expat) were found to contain vulnerabilities, and updated versions     have been made available by the providers.    Out of caution and in line with best practice, Tenable has     opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor     6.2.1 updates OpenSSL to version 3.0.8 and expat to version 2.5.0 to address the identified     vulnerabilities. Tenable has released Nessus Network Monitor 6.2.1 to address these issues. The     installation files can be obtained from the Tenable Downloads Portal     (https://www.tenable.com/downloads/nessus-network-monitor). (CVE-2021-45960, CVE-2021-46143,     CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827,     CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25314, CVE-2022-25315,     CVE-2022-40674, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217,     CVE-2023-0401)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus application running on the remote host is between 8.15.4 and 8.15.8. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t:
    
    - An attacker that had observed a genuine connection between a client and a server could use the flaw to send trial       messages to the server and record the time taken to process them. After a sufficiently large number of messages       the attacker could recover the pre-master secret used for the original connection. (CVE-2022-4304)

    - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes any header data and the payload       data. Under certain conditions, a double free will occur. This will most likely lead to a crash. (CVE-2022-4450)

    - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. Under certain conditions,       the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously       freed filter BIO. This will most likely result in a crash. (CVE-2023-0215)

    - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of       the data under some circumstances. In the special case of in place encryption, sixteen bytes of the plaintext would be       revealed. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). (CVE-2022-2097)         Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A vulnerability exists in the OpenSSL that affects the RTU500 Series product versions listed below.

RTU500 series CMU Firmware versions 12.0.1 – 12.0.15 12.2.1 – 12.2.12 12.4.1 – 12.4.12 12.6.1 – 12.6.9 12.7.1 – 12.7.6 13.2.1 – 13.2.6 13.3.1 – 13.3.3 13.4.2

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
201769	CBL Mariner 2.0 Security Update: edk2 / hvloader / cloud-hypervisor / rust / openssl (CVE-2022-4304)	Nessus	MarinerOS Local Security Checks	7/3/2024	7/3/2024	medium
177980	EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)	Nessus	Huawei Local Security Checks	7/4/2023	7/4/2023	high
186668	Oracle Linux 8 : edk2 (ELSA-2023-13025)	Nessus	Oracle Linux Local Security Checks	12/7/2023	12/7/2023	high
186671	Oracle Linux 9 : edk2 (ELSA-2023-13024)	Nessus	Oracle Linux Local Security Checks	12/7/2023	12/7/2023	high
188732	EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)	Nessus	Huawei Local Security Checks	1/16/2024	1/16/2024	high
204086	Photon OS 3.0: Nxtgn PHSA-2023-3.0-0530	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	high
175428	Nessus Network Monitor < 6.2.1 Multiple Vulnerabilities (TNS-2023-19)	Nessus	Misc.	5/12/2023	5/12/2023	critical
172277	Tenable Nessus 8.15.x >= 8.15.4 and < 8.15.9 Multiple Vulnerabilities (TNS-2023-10)	Nessus	Misc.	3/8/2023	6/13/2024	medium
192206	Amazon Linux 2 : edk2 (ALAS-2024-2502)	Nessus	Amazon Linux Local Security Checks	3/18/2024	3/19/2024	critical
501743	ABB RTU500 Series OpenSSL Bleichenbacher Style Attack (CVE-2022-4304)	Tenable OT Security	Tenable.ot	9/29/2023	9/4/2024	medium
501840	Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)	Tenable OT Security	Tenable.ot	12/19/2023	9/4/2024	medium

Detections

Analytics

Plugins Search

medium

high

high

high

high

high

critical

medium

critical

medium

medium