// For flags

CVE-2019-5101

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events

Se presenta una vulnerabilidad de filtrado de información explotable en la biblioteca ustream-ssl de OpenWrt, versiones 18.06.4 y 15.05.1. Cuando se conecta a un servidor remoto, se comprueba el certificado SSL del servidor, pero no se toman medidas cuando el certificado no es válido. Un atacante podría explotar este comportamiento al realizar un ataque de tipo man-in-the-middle, proporcionando cualquier certificado, conllevando al robo de todos los datos enviados por el cliente durante la primera petición. Después de que una conexión SSL se inicializa por medio de _ustream_ssl_init, y después de que cualquier dato (por ejemplo, la petición HTTP del cliente) se escribe en la secuencia usando ustream_printf, el código eventualmente ingresa a la función __ustream_ssl_poll, que es usada para enviar los eventos de lectura/escritura.

*Credits: Discovered by Claudio Bozzato of Cisco Talos.
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-04 CVE Reserved
  • 2019-11-18 CVE Published
  • 2023-03-23 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openwrt
Search vendor "Openwrt"
Openwrt
Search vendor "Openwrt" for product "Openwrt"
15.05.1
Search vendor "Openwrt" for product "Openwrt" and version "15.05.1"
-
Affected
Openwrt
Search vendor "Openwrt"
Openwrt
Search vendor "Openwrt" for product "Openwrt"
18.06.4
Search vendor "Openwrt" for product "Openwrt" and version "18.06.4"
-
Affected