CVE-2013-1654
Puppet: SSL protocol downgrade
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
Puppet v2.7.x anterior a v2.7.21 y v3.1.x anterior a v3.1.1, y Puppet Enterprise v2.7.x anterior a v2.7.2, no negocian correctamente el protocolo SSL entre el cliente y el master, lo que permite a atacantes remotos llevar a cabo ataques SSLv2 contra sesiones SSLv3 mediante vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-11 CVE Reserved
- 2013-03-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/64758 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html | 2019-07-10 | |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html | 2019-07-10 | |
| http://rhn.redhat.com/errata/RHSA-2013-0710.html | 2019-07-10 | |
| http://secunia.com/advisories/52596 | 2019-07-10 | |
| http://ubuntu.com/usn/usn-1759-1 | 2019-07-10 | |
| http://www.debian.org/security/2013/dsa-2643 | 2019-07-10 | |
| https://puppetlabs.com/security/cve/cve-2013-1654 | 2019-07-10 | |
| https://access.redhat.com/security/cve/CVE-2013-1654 | 2013-04-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=919770 | 2013-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.2 Search vendor "Puppet" for product "Puppet" and version "2.7.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.3 Search vendor "Puppet" for product "Puppet" and version "2.7.3" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.4 Search vendor "Puppet" for product "Puppet" and version "2.7.4" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.5 Search vendor "Puppet" for product "Puppet" and version "2.7.5" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.6 Search vendor "Puppet" for product "Puppet" and version "2.7.6" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.7 Search vendor "Puppet" for product "Puppet" and version "2.7.7" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.8 Search vendor "Puppet" for product "Puppet" and version "2.7.8" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.9 Search vendor "Puppet" for product "Puppet" and version "2.7.9" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.10 Search vendor "Puppet" for product "Puppet" and version "2.7.10" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.11 Search vendor "Puppet" for product "Puppet" and version "2.7.11" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.12 Search vendor "Puppet" for product "Puppet" and version "2.7.12" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.13 Search vendor "Puppet" for product "Puppet" and version "2.7.13" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.14 Search vendor "Puppet" for product "Puppet" and version "2.7.14" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.16 Search vendor "Puppet" for product "Puppet" and version "2.7.16" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.17 Search vendor "Puppet" for product "Puppet" and version "2.7.17" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.18 Search vendor "Puppet" for product "Puppet" and version "2.7.18" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.0 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.0" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.1 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.1" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.19 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.19" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.20 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.20" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.20 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.20" | rc1 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 3.1.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "3.1.0" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.0 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.0" | enterprise |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.1 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.1" | enterprise |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||