CVE-2018-6653

{"id": "CVE-2018-6653", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-03-01T00:29:00.207", "references": [{"url": "https://comforte.com/cve-2018-6653/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03827en_us", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0."}, {"lang": "es", "value": "comforte SWAP, de la versi\u00f3n 1049 hasta la 1069 y la versi\u00f3n 20.0.0 hasta la 21.5.3 (tal y como se emplea en SSLOBJ en HPE NonStop SSL T0910, y en los productos comforte SecurCS, SecurFTP, SecurLib/SSL-AT y SecurTN), tras ejecutar el comando RELOAD CERTIFICATES, no asegura que los clientes emplean una suite de cifrado TLS fuerte. Esto facilita que atacantes remotos superen los mecanismos de protecci\u00f3n criptogr\u00e1fica planeados rastreando la red. Esto se ha solucionado en la versi\u00f3n 21.6.0."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:comforte:swap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6144D85F-3770-4544-9322-D7B4DDE76261", "versionEndIncluding": "21.5.3", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:comforte:swap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03AA4533-30BC-4FB7-9756-E7860D9AA858", "versionEndIncluding": "1069", "versionStartIncluding": "1049"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:nonstop_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C2C32B-5ABC-4679-9A99-F17829E36182"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}