CVE-2019-5102
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
Se presenta una vulnerabilidad de filtrado de información explotable en la biblioteca ustream-ssl de OpenWrt, versiones 18.06.4 y 15.05.1. Cuando se conecta a un servidor remoto, se comprueba el certificado SSL del servidor, pero no se toman medidas cuando el certificado no es válido. Un atacante podría explotar este comportamiento al realizar un ataque de tipo man-in-the-middle, proporcionando cualquier certificado, conllevando al robo de todos los datos enviados por el cliente durante la primera petición.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2019-11-18 CVE Published
- 2023-03-23 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openwrt Search vendor "Openwrt" | Openwrt Search vendor "Openwrt" for product "Openwrt" | 15.05.1 Search vendor "Openwrt" for product "Openwrt" and version "15.05.1" | - |
Affected
| ||||||
Openwrt Search vendor "Openwrt" | Openwrt Search vendor "Openwrt" for product "Openwrt" | 18.06.4 Search vendor "Openwrt" for product "Openwrt" and version "18.06.4" | - |
Affected
|