Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1793 — Openssl vulnerability

CWE-25414 documents12 sources

Severity

6.5MEDIUMNVD

EPSS

76.4%

top 1.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openssl Oracle Opus 10G Ethernet Switch Family Oracle JD Edwards Enterpriseone Tools +2 more

Timeline

PublishedJul 9

Latest updateNov 7

Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages6 packages

▶Debianopenssl/openssl< 1.0.2d-1+3

▶NVDopenssl/openssl4 versions+3

▶NVDoracle/opus_10g_ethernet_switch_family2.0.0.6

▶Palo Altopaloalto/cortex_xdr

▶NVDoracle/supply_chain_products_suite6.1.2.2, 6.1.3.0, 6.2.0+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j29-v246-6w5w: The X509_verify_cert function in crypto/x509/x509_vfy↗2022-05-14

▶

CVEList

CVE-2015-1793: The X509_verify_cert function in crypto/x509/x509_vfy↗2015-07-09

▶

OSV

CVE-2015-1793: The X509_verify_cert function in crypto/x509/x509_vfy↗2015-07-09

▶

💥Exploits & PoCs

Exploit-DB

OpenSSL - Alternative Chains Certificate Forgery↗2015-11-05

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent↗2024-11-07

▶

Cisco

OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products↗2015-07-10

▶

Red Hat

openssl: alternative chains certificate forgery↗2015-07-09

▶

BSD

FreeBSD-SA-15:12.openssl: OpenSSL alternate chains certificate forgery vulnerability↗2015-07-09

▶

Debian

CVE-2015-1793: openssl - The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1...↗2015

▶

🕵️Threat Intelligence

Qualys

OpenSSL Vulnerability | Qualys↗2015-07-08

▶

Qualys

OpenSSL Vulnerability | Qualys↗2015-07-08

▶

💬Community

Bugzilla

CVE-2015-1793 openssl: alternative chains certificate forgery [fedora-all]↗2015-07-09

▶

Bugzilla

CVE-2015-1793 openssl: alternative chains certificate forgery↗2015-07-02

▶