CVE-2014-3511

openssl: TLS protocol downgrade attack

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.

La función ssl23_get_client_hello en s23_srvr.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a atacantes man-in-the-middle forzar el uso de TLS 1.0 mediante la provocación de la fragmentación de mensajes ClientHello comunicaciones entre un cliente y el servidor que ambos soportan versiones TLS posteriores, relacionado con un problema de 'degradación de protocolo'.

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.

Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware. Revision 1 of this advisory.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-08-06 CVE Published
2024-08-06 CVE Updated
2025-04-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-390: Detection of Error Condition Without Action

CAPEC

References (63)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html	X_refsource_confirm
http://secunia.com/advisories/58962	Third Party Advisory
http://secunia.com/advisories/59700	Third Party Advisory
http://secunia.com/advisories/59710	Third Party Advisory
http://secunia.com/advisories/59756	Third Party Advisory
http://secunia.com/advisories/59887	Third Party Advisory
http://secunia.com/advisories/60022	Third Party Advisory
http://secunia.com/advisories/60221	Third Party Advisory
http://secunia.com/advisories/60377	Third Party Advisory
http://secunia.com/advisories/60493	Third Party Advisory
http://secunia.com/advisories/60684	Third Party Advisory
http://secunia.com/advisories/60803	Third Party Advisory
http://secunia.com/advisories/60810	Third Party Advisory
http://secunia.com/advisories/60890	Third Party Advisory
http://secunia.com/advisories/60917	Third Party Advisory
http://secunia.com/advisories/60921	Third Party Advisory
http://secunia.com/advisories/60938	Third Party Advisory
http://secunia.com/advisories/61017	Third Party Advisory
http://secunia.com/advisories/61043	Third Party Advisory
http://secunia.com/advisories/61100	Third Party Advisory
http://secunia.com/advisories/61139	Third Party Advisory
http://secunia.com/advisories/61184	Third Party Advisory
http://secunia.com/advisories/61775	Third Party Advisory
http://secunia.com/advisories/61959	Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997	X_refsource_confirm
http://www.arubanetworks.com/support/alerts/aid-08182014.txt	X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm	X_refsource_confirm
http://www.securityfocus.com/bid/69079	Vdb Entry
http://www.securitytracker.com/id/1030693	Vdb Entry
http://www.splunk.com/view/SP-CAAANHS	X_refsource_confirm
http://www.tenable.com/security/tns-2014-06	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162	Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380	X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10084	X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html	Mailing List
https://support.citrix.com/article/CTX216642	X_refsource_confirm
https://techzone.ergon.ch/CVE-2014-3511	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html	2023-11-07
http://marc.info/?l=bugtraq&m=142350350616251&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142495837901899&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142624590206005&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142660345230545&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142791032306609&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290437727362&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290522027658&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0126.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0197.html	2023-11-07
http://security.gentoo.org/glsa/glsa-201412-39.xml	2023-11-07
http://www.debian.org/security/2014/dsa-2998	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1127504	2015-02-11
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc	2023-11-07
https://www.openssl.org/news/secadv_20140806.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3511	2015-02-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected