Home

CVE-2014-3570

Description

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
6.835

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in OpenSSL (x64) 0.9.8zdWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.0pWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.1kWindows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5.1Windows
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco IOSNCM
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco IOS XE SoftwareNCM
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco NX-OS SoftwareNCM
CVE-2014-3570NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234