Vulnerability details: VCID-tvpy-7bfy-aaad
Vulnerability ID VCID-tvpy-7bfy-aaad
Aliases CVE-2012-2686
VC-OPENSSL-20130205-CVE-2012-2686
Summary A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
System Score Found at
epss 0.18334 https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss 0.18626 https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss 0.55985 https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss 0.7207 https://api.first.org/data/v1/epss?cve=CVE-2012-2686
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-2686
generic_textual Medium http://www.openssl.org/news/secadv_20130204.txt
Reference id Reference type URL
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://marc.info/?l=bugtraq&m=137545771702053&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2686.json
https://api.first.org/data/v1/epss?cve=CVE-2012-2686
https://bugzilla.redhat.com/show_bug.cgi?id=908029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
http://support.apple.com/kb/HT5880
https://www.openssl.org/news/secadv/20130205.txt
http://www.openssl.org/news/secadv_20130204.txt
http://www.securityfocus.com/bid/57755
699889 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
CVE-2012-2686 https://nvd.nist.gov/vuln/detail/CVE-2012-2686
GLSA-201312-03 https://security.gentoo.org/glsa/201312-03
USN-1732-1 https://usn.ubuntu.com/1732-1/
Data source Metasploit
Description The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.
Note
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Feb. 5, 2013
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/openssl_aesni.rb
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-2686
Exploit Prediction Scoring System (EPSS)
Percentile 0.96324
EPSS Score 0.18334
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.