CVE-2021-4160

BN_mod_exp may produce incorrect results on MIPS

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).

Se presenta un bug de propagación carry en el procedimiento de cuadratura de MIPS32 y MIPS64. Muchos algoritmos de la CE están afectados, incluyendo algunas de las curvas por defecto de TLS versión 1.3. El impacto no es analizado en detalle, porque los requisitos previos para el ataque son considerados poco probables e incluyen el reuso de claves privadas. El análisis sugiere que los ataques contra RSA y DSA como resultado de este defecto serían muy difíciles de llevar a cabo y no se consideran probables. Los ataques contra DH se consideran apenas factibles (aunque muy difíciles) porque la mayor parte del trabajo necesario para deducir información sobre una clave privada puede llevarse a cabo fuera de línea. La cantidad de recursos necesarios para un ataque de este tipo sería significativa. Sin embargo, para que un ataque a TLS tenga sentido, el servidor tendría que compartir la clave privada DH entre múltiples clientes, lo que ya no es una opción desde CVE-2016-0701. Este problema afecta a OpenSSL versiones 1.0.2, 1.1.1 y 3.0.0. Se ha abordado en versiones 1.1.1m y 3.0.1 el 15 de diciembre de 2021. En el caso de la versión 1.0.2, ha sido abordada en el commit 6fc1aaaf3 de git, que sólo está disponible para los clientes de soporte premium. Estará disponible en la versión 1.0.2zc cuando sea publicada. El problema sólo afecta a OpenSSL en plataformas MIPS. Corregido en OpenSSL versión 3.0.1 (Afectado versión 3.0.0). Corregido en OpenSSL versión 1.1.1m (Afectado versión 1.1.1-1.1.1l). Corregido en OpenSSL versión 1.0.2zc-dev (Afectado versión 1.0.2-1.0.2zb)

*Credits: Bernd Edlinger

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2021-12-23 CVE Reserved
2022-01-28 CVE Published
2024-09-03 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
https://security.netapp.com/advisory/ntap-20240621-0006
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpuapr2022.html	2024-06-21

URL	Date	SRC
https://security.gentoo.org/glsa/202210-02	2024-06-21
https://www.debian.org/security/2022/dsa-5103	2024-06-21
https://www.openssl.org/news/secadv/20220128.txt	2024-06-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2 <= 1.0.2zb Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 <= 1.0.2zb"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.1 < 1.1.1m Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 < 1.1.1m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha10		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha11		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha12		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha13		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha14		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha15		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha16		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha17		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha6		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha7		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha8		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		alpha9		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				3.0.0 Search vendor "Openssl" for product "Openssl" and version "3.0.0"		beta2		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Oracle Search vendor "Oracle"		Health Sciences Inform Publisher Search vendor "Oracle" for product "Health Sciences Inform Publisher"				6.2.1.1 Search vendor "Oracle" for product "Health Sciences Inform Publisher" and version "6.2.1.1"		-		Affected
Oracle Search vendor "Oracle"		Health Sciences Inform Publisher Search vendor "Oracle" for product "Health Sciences Inform Publisher"				6.3.1.1 Search vendor "Oracle" for product "Health Sciences Inform Publisher" and version "6.3.1.1"		-		Affected
Oracle Search vendor "Oracle"		Jd Edwards Enterpriseone Tools Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"				9.2.6.3 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version "9.2.6.3"		-		Affected
Oracle Search vendor "Oracle"		Jd Edwards World Security Search vendor "Oracle" for product "Jd Edwards World Security"				a9.4 Search vendor "Oracle" for product "Jd Edwards World Security" and version "a9.4"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.59 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59"		-		Affected
Siemens Search vendor "Siemens"		Sinec Ins Search vendor "Siemens" for product "Sinec Ins"				< 1.0 Search vendor "Siemens" for product "Sinec Ins" and version " < 1.0"		-		Affected
Siemens Search vendor "Siemens"		Sinec Ins Search vendor "Siemens" for product "Sinec Ins"				1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0"		-		Affected
Siemens Search vendor "Siemens"		Sinec Ins Search vendor "Siemens" for product "Sinec Ins"				1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0"		sp1		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center"				12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0"		-		Affected