CVE-2017-3733
Description
During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa), this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.892
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-3733 are fixed in OpenSSL (x64) 1.1.0e | Windows |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Application Policy Infrastructure Controller (APIC) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Finesse | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber for Windows | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber Guest | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Jabber Software Development Kit | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Infrastructure | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Optical | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Performance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Contact Center Express | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Intelligence Center | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unity Connection | NCM |
| Vulnerabilities CVE-2017-3733 are affected in operations_agent 11.15 | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco ASR 5000 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Firepower Management Center Virtual Appliance | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco IronPort Security Management Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Data Center Network Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Computing System | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Network Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Access Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Wireless Network Management Software Suite | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Network Analysis Module Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Virtual Wireless Controller | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Network Convergence System 540 Series Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Digital Media Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Video Surveillance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Identity Services Engine | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco WAN Automation Engine (WAE) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco 1000 Series Connected Grid Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Attendant Consoles | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017 For Cisco SIP IP Phone Software | NCM |
| Improper Input Validation Vulnerability (CVE-2017-3733) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1706006 | Security Update for Cisco Application Policy Infrastructure Controller (APIC) 1.3(2k) |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705887 | Security Update for Cisco Finesse 11.5(0.98000.126) |
| PATCH-1705811 | Security Update for Cisco Jabber for Windows 11.6(1.38147) |
| PATCH-1705783 | Security Update for Cisco Jabber Guest 10.6(11) |
| PATCH-1706051 | Security Update for Cisco Jabber Software Development Kit 11.8(2) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1706052 | Security Update for Cisco Unified Contact Center Express 11.6(1) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1706032 | Security Update for Cisco ASR 5000 Series 21.3.A0.66703 |
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
| PATCH-1706038 | Security Update for Cisco Network Registrar 9.1 |
| PATCH-1706039 | Security Update for Cisco Access Registrar 8.0 |
| PATCH-1705952 | Security Update for Cisco Wireless Network Management Software Suite 8.0(150) |
| PATCH-1706008 | Security Update for Cisco Prime Network Analysis Module Software 6.2(3) |
| PATCH-1705937 | Security Update for Cisco Virtual Wireless Controller 8.3(15.155) |
| PATCH-1706041 | Security Update for Cisco Network Convergence System 540 Series Routers 6.4.1.8i.BASE |
| PATCH-1705797 | Security Update for Cisco Digital Media Manager 5.6.3 |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1706046 | Security Update for Cisco WAN Automation Engine (WAE) v6.4.6dev-43-g887096e25e6 |
| PATCH-1706026 | Security Update for CAF-1.2.0.0 |
| PATCH-1705873 | Security Update for Cisco 1000 Series Connected Grid Routers 15.6(3.0q)M |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |