CVE-2017-3730

Description

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 41.699

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Vulnerabilities CVE-2017-3732,CVE-2017-3731,CVE-2017-3730 are fixed in OpenSSL (x64) 1.1.0d | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2 | Windows |
| Multiple Vulnerabilities are affected in JD Edwards EnterpriseOne Tools 9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Application Policy Infrastructure Controller (APIC) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Finesse | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber for Mac | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber for Windows | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber Guest | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber Software Development Kit | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Infrastructure | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Optical | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Performance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Contact Center Express | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Intelligence Center | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unity Connection | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco ASR 5000 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Firepower Management Center Virtual Appliance | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco IronPort Security Management Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Data Center Network Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Computing System | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Network Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Access Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Wireless Network Management Software Suite | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Network Analysis Module Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Virtual Wireless Controller | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Network Convergence System 540 Series Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Digital Media Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Video Surveillance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Identity Services Engine | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco WAN Automation Engine (WAE) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco 1000 Series Connected Grid Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Attendant Consoles | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco SIP IP Phone Software | NCM |
| NULL Pointer Dereference Vulnerability (CVE-2017-3730) | NCM |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-1706006 | Security Update for Cisco Application Policy Infrastructure Controller (APIC) 1.3(2k) |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705887 | Security Update for Cisco Finesse 11.5(0.98000.126) |
| PATCH-1705811 | Security Update for Cisco Jabber for Windows 11.6(1.38147) |
| PATCH-1705783 | Security Update for Cisco Jabber Guest 10.6(11) |
| PATCH-1706051 | Security Update for Cisco Jabber Software Development Kit 11.8(2) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1706052 | Security Update for Cisco Unified Contact Center Express 11.6(1) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1706032 | Security Update for Cisco ASR 5000 Series 21.3.A0.66703 |
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
| PATCH-1706038 | Security Update for Cisco Network Registrar 9.1 |
| PATCH-1706039 | Security Update for Cisco Access Registrar 8.0 |
| PATCH-1705952 | Security Update for Cisco Wireless Network Management Software Suite 8.0(150) |
| PATCH-1706008 | Security Update for Cisco Prime Network Analysis Module Software 6.2(3) |
| PATCH-1705937 | Security Update for Cisco Virtual Wireless Controller 8.3(15.155) |
| PATCH-1706041 | Security Update for Cisco Network Convergence System 540 Series Routers 6.4.1.8i.BASE |
| PATCH-1705797 | Security Update for Cisco Digital Media Manager 5.6.3 |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1706046 | Security Update for Cisco WAN Automation Engine (WAE) v6.4.6dev-43-g887096e25e6 |
| PATCH-1706026 | Security Update for CAF-1.2.0.0 |
| PATCH-1705873 | Security Update for Cisco 1000 Series Connected Grid Routers 15.6(3.0q)M |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |
