CVE-2019-5101
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events
Se presenta una vulnerabilidad de filtrado de información explotable en la biblioteca ustream-ssl de OpenWrt, versiones 18.06.4 y 15.05.1. Cuando se conecta a un servidor remoto, se comprueba el certificado SSL del servidor, pero no se toman medidas cuando el certificado no es válido. Un atacante podría explotar este comportamiento al realizar un ataque de tipo man-in-the-middle, proporcionando cualquier certificado, conllevando al robo de todos los datos enviados por el cliente durante la primera petición. Después de que una conexión SSL se inicializa por medio de _ustream_ssl_init, y después de que cualquier dato (por ejemplo, la petición HTTP del cliente) se escribe en la secuencia usando ustream_printf, el código eventualmente ingresa a la función __ustream_ssl_poll, que es usada para enviar los eventos de lectura/escritura.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2019-11-18 CVE Published
- 2023-03-23 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openwrt Search vendor "Openwrt" | Openwrt Search vendor "Openwrt" for product "Openwrt" | 15.05.1 Search vendor "Openwrt" for product "Openwrt" and version "15.05.1" | - |
Affected
| ||||||
Openwrt Search vendor "Openwrt" | Openwrt Search vendor "Openwrt" for product "Openwrt" | 18.06.4 Search vendor "Openwrt" for product "Openwrt" and version "18.06.4" | - |
Affected
|