CVE-2016-0701
Description
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Risk Information
| Metric | Value |
|---|---|
| Base Score | 3.7 (MODERATE) |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| EPSS Score (Exploitation Probability) | 27.483 |
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-0701,CVE-2015-3197 are fixed in OpenSSL (x64) 1.0.2f | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.4 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2830-1) libssl1.0.0_1.0.2d-0ubuntu1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2830-1) libssl1.0.0_1.0.2d-0ubuntu1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2883-1) libssl1.0.0_1.0.2d-0ubuntu1.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2883-1) libssl1.0.0_1.0.2d-0ubuntu1.3_amd64.deb | Linux |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Jabber for Windows | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Mobility Services Engine | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Optical | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Performance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Contact Center Enterprise | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Intelligence Center | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unity Connection | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unity Express | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IronPort Encryption Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IronPort Email Security Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Nexus 7000 Series Switches | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Computing System | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Conductor | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco ONS 15454 Series Multiservice Provisioning Platforms | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IPS 4200 Series Sensors | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco AS Series Media Processor Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco TelePresence Administration Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Attendant Consoles | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco SIP IP Phone Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IP Phone 8800 Series | NCM |
| CVE-2016-0701 | NCM |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705811 | Security Update for Cisco Jabber for Windows 11.6(1.38147) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705808 | Security Update for Cisco Mobility Services Engine 8.0(130.12) |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703070 | Security Update for Cisco Unity Express 6.2.1 |
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1705790 | Security Update for Cisco Nexus 7000 Series Switches 7.3(2)D1(1) |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-1705867 | Security Update for Cisco Conductor 3.600 |
| PATCH-1705963 | Security Update for Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.6(2) |
| PATCH-1705754 | Security Update for Cisco IPS 4200 Series Sensors 7.3(5)P1 |
| PATCH-1705872 | Security Update for Cisco AS Series Media Processor Software CAL9.7 |
| PATCH-1705874 | Security Update for Cisco TelePresence Administration Software 6.1.13_3 |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |