Home

CVE-2014-8275

Description

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificates unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
6.234

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in OpenSSL (x64) 0.9.8zdWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.0pWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.1kWindows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5.1Windows
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco IOSNCM
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco IOS XE SoftwareNCM
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products For Cisco NX-OS SoftwareNCM
CVE-2014-8275NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234