Knowledge Search


×
 

2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473)

  [JSA10584] Show Article Properties


Product Affected:
NSM3000 and NSMExpress with NSM releases 2010.3, 2011.4, 2012.1, 2012.2 and NSM software releases 2010.3, 2011.4, 2012.1, 2012.2.
Problem:
A vulnerability has been reported against virtually all versions of OpenSSL stating that client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Some network services in Network and Security Manager (NSM) utilizing SSL/TLS were found vulnerable to this issue.

This issue has been assigned CVE-2011-1473.
Solution:
Network services in NSM utilizing SSL/TLS have been fixed to resolve this vulnerability.
NSM Releases containing the fix specifically include:
  • 2010.3s13
  • 2011.4s10
  • 2012.1R7
  • 2012.2R3
All subsequent releases will also contain the fix.

This issue is being tracked as PR 745721 and is visible on the Customer Support website. A Customer Support login is required.
Workaround:
Use access lists or firewall filters to limit access to NSM from only trusted networks.
Implementation:
 
Related Links:
CVSS Score:
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Severity Level:
Medium
Severity Assessment:
A network based attacker (AV:N) can easily (A:L) cause a partial DoS condition (A:P)
Acknowledgements: