Details of VAR-202107-1672

ID

VAR-202107-1672

CVE

CVE-2021-3618

TITLE

F5 Networks of nginx Vulnerability related to certificate verification in products of multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2021-019676

DESCRIPTION

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ========================================================================== Ubuntu Security Notice USN-5371-2 April 28, 2022 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: nginx could be made to redirect network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. (CVE-2021-3618) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: nginx-core 1.18.0-6ubuntu14.1 nginx-extras 1.18.0-6ubuntu14.1 nginx-light 1.18.0-6ubuntu14.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5371-2 https://ubuntu.com/security/notices/USN-5371-1 CVE-2021-3618 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1

Trust: 2.16

sources: NVD: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.21.0	Trust: 1.0
vendor:	sendmail	model:	sendmail	scope:	lt	version:	8.17	Trust: 1.0
vendor:	vsftpd	model:	vsftpd	scope:	lt	version:	3.0.4	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	vsftpd	model:	vsftpd	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	nginx	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	sendmail consortium	model:	sendmail	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-019676 // NVD: CVE-2021-3618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3618
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-3618
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202107-216
value:	HIGH
Trust: 0.6
VULHUB:	VHN-395783
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-3618
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-3618
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-395783
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-3618
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-3618
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // CNNVD: CNNVD-202107-216 // NVD: CVE-2021-3618

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	Illegal certificate verification (CWE-295) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395783 // JVNDB: JVNDB-2021-019676 // NVD: CVE-2021-3618

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 168672 // PACKETSTORM: 174729 // CNNVD: CNNVD-202107-216

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202107-216

PATCH

title:	Top Page	url:	https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html	Trust: 0.8
title:	nginx Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=155955	Trust: 0.6
title:	Ubuntu Security Notice: USN-5371-3: nginx vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-3	Trust: 0.1
title:	Debian CVElist Bug Report Logs: nginx: CVE-2021-3618	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ef1074892d0995f0a511641c443018df	Trust: 0.1
title:	Ubuntu Security Notice: USN-5371-2: nginx vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5371-1: nginx vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5371-1	Trust: 0.1
title:	Amazon Linux 2: ALASNGINX1-2023-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-002	Trust: 0.1
title:	Red Hat: CVE-2021-3618	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-3618	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-3618 log	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-172	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-172	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-132	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-132	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-171	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-171	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-136	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-136	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-3618	Trust: 0.1

sources: VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // CNNVD: CNNVD-202107-216

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3618	Trust: 3.8
db:	PACKETSTORM	id:	168672	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-019676	Trust: 0.8
db:	PACKETSTORM	id:	166709	Trust: 0.7
db:	PACKETSTORM	id:	166888	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.6109	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1628	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6139	Trust: 0.6
db:	CS-HELP	id:	SB2022042817	Trust: 0.6
db:	CS-HELP	id:	SB2022010906	Trust: 0.6
db:	CS-HELP	id:	SB2022041422	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-216	Trust: 0.6
db:	VULHUB	id:	VHN-395783	Trust: 0.1
db:	VULMON	id:	CVE-2021-3618	Trust: 0.1
db:	PACKETSTORM	id:	174729	Trust: 0.1

sources: VULHUB: VHN-395783 // VULMON: CVE-2021-3618 // JVNDB: JVNDB-2021-019676 // PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729 // CNNVD: CNNVD-202107-216 // NVD: CVE-2021-3618

REFERENCES

url:	https://alpaca-attack.com/	Trust: 2.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1975623	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3618	Trust: 1.2
url:	https://ubuntu.com/security/cve-2021-3618	Trust: 0.6
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329	Trust: 0.6
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328	Trust: 0.6
url:	https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a	Trust: 0.6
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010906	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6489853	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041422	Trust: 0.6
url:	https://vigilance.fr/vulnerability/nginx-man-in-the-middle-via-the-tls-extension-alpn-35818	Trust: 0.6
url:	https://packetstormsecurity.com/files/168672/ubuntu-security-notice-usn-5371-3.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6514817	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-3618/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042817	Trust: 0.6
url:	https://packetstormsecurity.com/files/166709/ubuntu-security-notice-usn-5371-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1628	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6109	Trust: 0.6
url:	https://packetstormsecurity.com/files/166888/ubuntu-security-notice-usn-5371-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6139	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36309	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11724	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5371-1	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5371-3	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-3618	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5371-2	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6379-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/vsftpd/3.0.5-0ubuntu0.20.04.1	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.4

sources: PACKETSTORM: 166709 // PACKETSTORM: 168672 // PACKETSTORM: 166888 // PACKETSTORM: 174729

SOURCES

db:	VULHUB	id:	VHN-395783
db:	VULMON	id:	CVE-2021-3618
db:	JVNDB	id:	JVNDB-2021-019676
db:	PACKETSTORM	id:	166709
db:	PACKETSTORM	id:	168672
db:	PACKETSTORM	id:	166888
db:	PACKETSTORM	id:	174729
db:	CNNVD	id:	CNNVD-202107-216
db:	NVD	id:	CVE-2021-3618

LAST UPDATE DATE

2024-08-14T12:39:40.605000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395783	date:	2023-02-09T00:00:00
db:	VULMON	id:	CVE-2021-3618	date:	2023-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-019676	date:	2023-08-10T07:42:00
db:	CNNVD	id:	CNNVD-202107-216	date:	2023-05-19T00:00:00
db:	NVD	id:	CVE-2021-3618	date:	2023-02-09T02:03:34.457

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395783	date:	2022-03-23T00:00:00
db:	VULMON	id:	CVE-2021-3618	date:	2022-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-019676	date:	2023-08-10T00:00:00
db:	PACKETSTORM	id:	166709	date:	2022-04-13T15:03:13
db:	PACKETSTORM	id:	168672	date:	2022-10-10T16:13:35
db:	PACKETSTORM	id:	166888	date:	2022-04-28T15:18:16
db:	PACKETSTORM	id:	174729	date:	2023-09-19T15:23:43
db:	CNNVD	id:	CNNVD-202107-216	date:	2021-07-05T00:00:00
db:	NVD	id:	CVE-2021-3618	date:	2022-03-23T20:15:09.833