IBM Support

Security Bulletin: Vulnerabilities in OpenSSL affect Proventia Network Active Bypass (CVE-2013-2566)

Security Bulletin


Summary

OpenSSL vulnerability (CVE-2013-2566) has been found to affect IBM Security Proventia Network Active Bypass

Vulnerability Details

CVEID: CVE-2013-2566

DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information, caused by the inclusion of multiple single-byte biases. An attacker could exploit this vulnerability using statistical analysis of ciphertext in a large number of sessions that use the same plaintext to conduct plaintext-recovery attacks and obtain sensitive information.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Products: ABYP-0T-0S-4L-P, ABYP-0T-0S-4L-P-M, ABYP-0T-2S-2L-P, ABYP-0T-2S-2L-P-M, ABYP-0T-4S-0L-P, ABYP-0T-4S-0L-P-M, ABYP-10G-2SR-2LR-1-P, ABYP-10G-2SR-2LR-1-P-M, ABYP-10G-4LR-1-P, ABYP-10G-4LR-1-P-M, ABYP-10G-4SR-1-P, ABYP-10G-4SR-1-P-M, ABYP-2T-0S-2L-P, ABYP-2T-0S-2L-P-M, ABYP-2T-1S-1L-P, ABYP-2T-1S-1L-P-M, ABYP-2T-2S-0L-P, ABYP-2T-2S-0L-P-M, ABYP-4T-0S-0L-P, ABYP-4T-0S-0L-P-M, ABYP-4TL-P, ABYP-4TL-P-M, ABYP-4TS-P, ABYP-4TS-P-M

Firmware Versions:

1G NAB - 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57

10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57

Remediation/Fixes

The following IBM Thread Updates have the fixes for these vulnerabilities:


ProductVersionRemediation/First Fix
IBM Security Proventia Network Active Bypass 1G NAB - 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57Proventia 1G NAB Update 15 (fw3.29-9)
IBM Security Proventia Network Active Bypass 10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34, 3.13-41, 3.18-49, 3.25-57Proventia 10G NAB Update 12 (fw3.29-9)

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSB2MD","label":"IBM Security Network Active Bypass"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"3.0","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21958871