Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2017-3736 | First vendor Publication | 2017-11-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 6.5 | ||
| Base Score | 6.5 | Environmental Score | 6.5 |
| impact SubScore | 3.6 | Temporal Score | 6.5 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-10-26 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1339.nasl - Type : ACT_GATHER_INFO |
| 2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0042.nasl - Type : ACT_GATHER_INFO |
| 2018-07-03 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1179.nasl - Type : ACT_GATHER_INFO |
| 2018-05-11 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1016.nasl - Type : ACT_GATHER_INFO |
| 2018-05-02 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1115.nasl - Type : ACT_GATHER_INFO |
| 2018-04-27 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10851.nasl - Type : ACT_GATHER_INFO |
| 2018-04-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0998.nasl - Type : ACT_GATHER_INFO |
| 2018-04-27 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1004.nasl - Type : ACT_GATHER_INFO |
| 2018-01-17 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_4_0_2_5168.nasl - Type : ACT_GATHER_INFO |
| 2017-12-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14363514.nasl - Type : ACT_GATHER_INFO |
| 2017-12-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-3343-1.nasl - Type : ACT_GATHER_INFO |
| 2017-12-18 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1381.nasl - Type : ACT_GATHER_INFO |
| 2017-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201712-03.nasl - Type : ACT_GATHER_INFO |
| 2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1324.nasl - Type : ACT_GATHER_INFO |
| 2017-12-07 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9442a811dab311e7b5afa4badb2f4699.nasl - Type : ACT_GATHER_INFO |
| 2017-12-01 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-3169-1.nasl - Type : ACT_GATHER_INFO |
| 2017-11-16 | Name : The Tenable SecurityCenter application on the remote host contains an OpenSSL... File : securitycenter_openssl_1_0_2m.nasl - Type : ACT_GATHER_INFO |
| 2017-11-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3475-1.nasl - Type : ACT_GATHER_INFO |
| 2017-11-06 | Name : A service running on the remote host is affected by an unspecified carry vuln... File : openssl_1_1_0g.nasl - Type : ACT_GATHER_INFO |
| 2017-11-06 | Name : A service running on the remote host is affected by an unspecified carry vuln... File : openssl_1_0_2m.nasl - Type : ACT_GATHER_INFO |
| 2017-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4018.nasl - Type : ACT_GATHER_INFO |
| 2017-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4017.nasl - Type : ACT_GATHER_INFO |
| 2017-11-03 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2017-306-02.nasl - Type : ACT_GATHER_INFO |
| 2017-11-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f40f07aac00f11e7ac58b499baebfeaf.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:06:58 |
|
| 2024-08-02 12:48:58 |
|
| 2024-08-02 01:13:52 |
|
| 2024-02-02 01:47:28 |
|
| 2024-02-01 12:13:16 |
|
| 2023-09-05 12:45:20 |
|
| 2023-09-05 01:13:00 |
|
| 2023-09-02 12:45:04 |
|
| 2023-09-02 01:13:18 |
|
| 2023-08-12 12:48:42 |
|
| 2023-08-12 01:12:47 |
|
| 2023-08-11 12:43:07 |
|
| 2023-08-11 01:13:08 |
|
| 2023-08-09 01:37:29 |
|
| 2023-08-06 12:41:45 |
|
| 2023-08-06 01:12:46 |
|
| 2023-08-04 12:41:55 |
|
| 2023-08-04 01:12:50 |
|
| 2023-07-14 12:41:58 |
|
| 2023-07-14 01:12:49 |
|
| 2023-03-29 01:43:39 |
|
| 2023-03-28 12:13:05 |
|
| 2022-10-11 12:37:24 |
|
| 2022-10-11 01:12:42 |
|
| 2022-02-08 01:28:21 |
|
| 2022-02-03 12:28:24 |
|
| 2021-05-04 13:01:39 |
|
| 2021-04-22 02:15:07 |
|
| 2020-05-23 02:06:15 |
|
| 2020-05-23 01:00:29 |
|
| 2019-07-24 12:03:54 |
|
| 2019-04-24 05:18:55 |
|
| 2019-04-24 00:18:53 |
|
| 2019-02-20 12:08:39 |
|
| 2019-01-17 00:19:17 |
|
| 2018-11-29 21:19:30 |
|
| 2018-11-29 17:19:35 |
|
| 2018-10-17 09:20:20 |
|
| 2018-09-21 17:19:32 |
|
| 2018-09-18 17:19:44 |
|
| 2018-08-29 17:20:04 |
|
| 2018-08-28 17:20:06 |
|
| 2018-08-10 12:06:53 |
|
| 2018-07-19 09:19:09 |
|
| 2018-07-14 09:19:21 |
|
| 2018-04-20 09:19:16 |
|
| 2018-04-12 09:18:54 |
|
| 2018-02-14 13:21:19 |
|
| 2018-01-18 21:22:37 |
|
| 2017-12-19 13:23:50 |
|
| 2017-12-16 13:23:35 |
|
| 2017-12-16 09:21:44 |
|
| 2017-12-15 13:23:45 |
|
| 2017-12-09 09:22:23 |
|
| 2017-12-08 13:23:04 |
|
| 2017-12-02 13:23:48 |
|
| 2017-11-30 21:22:34 |
|
| 2017-11-30 09:21:33 |
|
| 2017-11-19 12:04:22 |
|
| 2017-11-17 13:23:44 |
|
| 2017-11-10 09:23:08 |
|
| 2017-11-08 13:25:27 |
|
| 2017-11-08 09:23:54 |
|
| 2017-11-07 13:25:03 |
|
| 2017-11-06 09:22:42 |
|
| 2017-11-04 13:25:25 |
|
| 2017-11-04 09:23:50 |
|
| 2017-11-02 21:23:56 |
|
