ID

VAR-201801-0248


CVE

CVE-2017-1000417


TITLE

MatrixSSL Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2017-012247

DESCRIPTION

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. MatrixSSL contains a certificate validation vulnerability. Information may be tampered with. INSIDE Secure MatrixSSL is an embedded, open source SSLv3 protocol stack designed by the French company INSIDE Secure for small applications and devices. There is a security vulnerability in INSIDE Secure MatrixSSL version 3.7.2, which originates from the program's use of conflicting IoT domain name comparison logic. An attacker could use this vulnerability to forge an IoT domain name.

Trust: 2.7

sources: NVD: CVE-2017-1000417 // JVNDB: JVNDB-2017-012247 // CNVD: CNVD-2018-04352 // CNNVD: CNNVD-201801-844

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04352

AFFECTED PRODUCTS

vendor: matrixssl, model: matrixssl, scope: eq, version: 3.7.2

Trust: 2.4

vendor: peersec, model: networks matrixssl, scope: eq, version: 3.7.2

Trust: 0.6

sources: CNVD: CNVD-2018-04352 // JVNDB: JVNDB-2017-012247 // CNNVD: CNNVD-201801-844 // NVD: CVE-2017-1000417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1000417
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1000417
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04352
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-844
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-1000417
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04352
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-1000417
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04352 // JVNDB: JVNDB-2017-012247 // CNNVD: CNNVD-201801-844 // NVD: CVE-2017-1000417

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2017-012247 // NVD: CVE-2017-1000417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-844

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-844

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012247

PATCH

title: MatrixSSL Release Notes, url: https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md

Trust: 0.8

title: Patch for INSIDE Secure MatrixSSL OID Spoofing Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/120259

Trust: 0.6

title: INSIDE Secure MatrixSSL Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78006

Trust: 0.6

sources: CNVD: CNVD-2018-04352 // JVNDB: JVNDB-2017-012247 // CNNVD: CNNVD-201801-844

EXTERNAL IDS

db: NVD, id: CVE-2017-1000417

Trust: 3.0

db: JVNDB, id: JVNDB-2017-012247

Trust: 0.8

db: CNVD, id: CNVD-2018-04352

Trust: 0.6

db: CNNVD, id: CNNVD-201801-844

Trust: 0.6

sources: CNVD: CNVD-2018-04352 // JVNDB: JVNDB-2017-012247 // CNNVD: CNNVD-201801-844 // NVD: CVE-2017-1000417

REFERENCES

url: https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md

Trust: 1.6

url: https://www.ieee-security.org/tc/sp2017/papers/231.pdf

Trust: 1.6

url: https://www.youtube.com/watch?v=fw--c_f_cy8

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2017-1000417

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000417

Trust: 0.8

sources: CNVD: CNVD-2018-04352 // JVNDB: JVNDB-2017-012247 // CNNVD: CNNVD-201801-844 // NVD: CVE-2017-1000417

SOURCES

db: CNVD, id: CNVD-2018-04352
db: JVNDB, id: JVNDB-2017-012247
db: CNNVD, id: CNNVD-201801-844
db: NVD, id: CVE-2017-1000417

LAST UPDATE DATE

2024-11-23T23:05:15.623000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-04352, date: 2018-03-06T00:00:00
db: JVNDB, id: JVNDB-2017-012247, date: 2018-02-28T00:00:00
db: CNNVD, id: CNNVD-201801-844, date: 2018-01-23T00:00:00
db: NVD, id: CVE-2017-1000417, date: 2024-11-21T03:04:41.597

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-04352, date: 2018-03-06T00:00:00
db: JVNDB, id: JVNDB-2017-012247, date: 2018-02-28T00:00:00
db: CNNVD, id: CNNVD-201801-844, date: 2018-01-23T00:00:00
db: NVD, id: CVE-2017-1000417, date: 2018-01-22T23:29:00.270