Cisco Bug: CSCuq46010 - PCA: GnuTLS Vulnerabilities

Last Modified

Jan 30, 2020

Products (2)

  • Cisco Prime Collaboration
  • Cisco Prime Collaboration 10.6

Known Affected Releases

10.6

Description (partial)

Symptoms:
Cisco Prime Collaboration Manager contains a version of the GNU Transport Layer Security library (GnuTLS) that is affected by the vulnerabilities
identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2009-5138: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as
intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue
new certificates, a different vulnerability than CVE-2014-1959. This has been classified by the vendor as having a CVSSv2 score of 5.8
(AV:N/AC:M/AU:N/C:P/I:P/A:N)

CVE-2011-4128: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before
3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application
crash) via a large SessionTicket. This has been classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P)

CVE-2012-1569: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products,
does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and
application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. This has been classified by the vendor as having a
CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block
cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as
demonstrated by a crafted GenericBlockCipher structure. This has been classified by the vendor as having a CVSSv2 score of 5.0
(AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2013-1619: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing
side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to
conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to
CVE-2013-0169. This has been classified by the vendor as having a CVSSv2 score of 4.0 (AV:N/AC:H/AU:N/C:P/I:P/A:N)

CVE-2013-2116: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of
service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. This has been
classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2014-0092: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509
certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. This has been classified by
the vendor as having a CVSSv2 score of 5.8 (AV:N/AC:M/AU:N/C:P/I:P/A:N)

CVE-2014-3466: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and
3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session
id in a ServerHello message. This has been classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)

CVE-2014-3468: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is
identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. This has been classified by the vendor
as having a CVSSv2 score of 6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the software prior to the Known Fixed Releases.