CVE-2012-2686
published 2013-02-08

Priority: P334 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 39.59% (98.4th percentile)

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | openssl | < openssl 1.0.1e-1 (bookworm) | openssl 1.0.1e-1 (bookworm) |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | >= 0 < 1.0.1e-1 | 1.0.1e-1 |
| openssl | openssl | >= 0 < 1.0.1e-1 | 1.0.1e-1 |
| openssl | openssl | >= 0 < 1.0.1e-1 | 1.0.1e-1 |
| openssl | openssl | >= 0 < 1.0.1e-1 | 1.0.1e-1 |

Detection & IOCs (extracted from sources)

path: crypto/evp/e_aes_cbc_hmac_sha1.c
process: aesni_cbc_hmac_sha1_cipher
  • Target is only vulnerable on 64-bit OpenSSL 1.0.1 builds (before 1.0.1d); 32-bit builds do not include the vulnerable AES-NI code path.
  • The exploit triggers an integer underflow via crafted CBC data in TLS 1.1 or TLS 1.2 handshakes; monitor for unexpected application crashes in OpenSSL-linked services receiving TLS 1.1/1.2 CBC traffic.
  • A Metasploit auxiliary module (auxiliary/dos/ssl/openssl_aesni) exists for this CVE; presence of this module in use against TLS services is a strong indicator of exploitation attempts.
  • Red Hat Enterprise Linux 5 and 6 are NOT affected because their shipped OpenSSL versions did not include TLS 1.1 or 1.2 support.
  • Only Ubuntu 12.04 LTS and Ubuntu 12.10 (64-bit) with OpenSSL 1.0.1c are confirmed affected; the vulnerability is scoped to AES-NI hardware-accelerated platforms.
  • The initial patch (USN-1732-1) was temporarily reverted (USN-1732-2) due to a regression causing AES-NI decryption failures; the final fix was re-applied in USN-1732-3 with an additional upstream regression fix.

CVSS provenance

nvd: v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM
vendor_redhat: 5.0 MEDIUM
vendor_ubuntu: 5.0 MEDIUM