CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0727

High Severity
Openssl
SVRS
54/100
CVSSv3
5.5/10
EPSS
0.00165/1

CVE-2024-0727 is a vulnerability in OpenSSL where processing a maliciously formatted PKCS12 file can cause a crash, leading to a denial-of-service (DoS). This vulnerability arises because OpenSSL doesn't properly handle NULL fields within PKCS12 files, potentially causing a NULL pointer dereference. Applications loading PKCS12 files from untrusted sources are at risk, specifically those using the PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass() APIs. Although the CVSS score is 5.5, SOCRadar's SVRS assigns a score of 54, indicating a moderate risk. This means that while not critical, the vulnerability should still be addressed promptly to prevent potential DoS attacks affecting application availability.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:N
UI:R
S:U
C:N
I:N
A:H
PUBLICATION DATE2024-01-26
LAST MODIFIED2024-10-14
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-0727 is a vulnerability in OpenSSL, a widely used cryptographic library, that can lead to a Denial of Service (DoS) attack. The issue arises when OpenSSL processes a maliciously formatted PKCS12 file, causing the application to terminate abruptly. This vulnerability affects applications that load PKCS12 files from untrusted sources using OpenSSL APIs.

Key Insights:

  1. Severity: The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-0727 is 38, indicating a moderate risk. While the CVSS score is 0, the SVRS considers additional factors such as social media, news, code repositories, dark/deep web data, and associations with threat actors and malware. This suggests that the vulnerability could be exploited in the wild and requires attention.

  2. Impact: The successful exploitation of this vulnerability can lead to a DoS attack, causing applications that process PKCS12 files from untrusted sources to crash. This can disrupt critical services and compromise the availability of systems.

  3. Affected Components: The vulnerable OpenSSL APIs include PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(). Additionally, SMIME_write_PKCS7() is also affected, but it is not considered security significant as it relates to writing data.

Mitigation Strategies:

  1. Update OpenSSL: The most effective mitigation strategy is to update OpenSSL to the latest version (3.0.8 or later) that addresses this vulnerability. This will ensure that applications using the updated OpenSSL version are protected from this vulnerability.

  2. Restrict Untrusted File Access: Organizations should implement strict controls to restrict access to untrusted PKCS12 files. This can be achieved by implementing file access controls, network segmentation, and firewalls to prevent unauthorized access to sensitive data.

  3. Implement Intrusion Detection and Prevention Systems (IDPS): Deploying IDPS can help detect and block malicious traffic targeting the vulnerable OpenSSL APIs. This can provide an additional layer of protection against potential attacks.

  4. Educate Users: Organizations should educate users about the risks associated with opening untrusted PKCS12 files. Users should be advised to exercise caution when handling files from unknown or untrusted sources.

Additional Information:

  • Threat Actors/APT Groups: There is no information available regarding specific threat actors or APT groups actively exploiting this vulnerability.

  • Exploit Status: Active exploits have not been published at this time.

  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

  • In the Wild: There is no evidence to suggest that this vulnerability is actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

TypeIndicatorDate
URL
http://sieci.superhost.pl2024-11-18
URL
https://agentepiupbx.my3cx.it2024-11-18
HASH
0921d4474425d17b8142e9e69034c43884e2c9ee79c41cbb05f8afb6885c8d662024-11-18
HASH
113ef850216565496269f7e90a8df86536eafcaab13c0a9e450e3ac89d63b5e32024-11-18
HASH
171bc11f6b84c8280e6e17e4c5995e12ae23a27ea5e2d4da08369148a5d69cbe2024-11-18
HASH
1d296b639d7cdff9e800596f919670e4128bd3cdf31ae81c780ffb87ed4f89342024-11-18
HASH
27d449ffe13aa137196808cf78b00edbda942cc1749122428ec4be4072729d102024-11-18

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Siemens SIDIS Prime
CISA2025-04-11
Siemens SIDIS Prime | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT
cisa.gov
rss
forum
news
Siemens SCALANCE W700
CISA2025-02-13
Siemens SCALANCE W700 | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services
cisa.gov
rss
forum
news
1.791
2024-12-17
1.791 | Newly Added (13)Security Vulnerabilities fixed in Adobe ColdFusion APSB24-14Cleo Harmony CVE-2024-50623 Remote Code Execution VulnerabilityCleo LexiCom CVE-2024-50623 Remote Code Execution VulnerabilityCleo VLTrader CVE
fortiguard.com
rss
forum
news
Siemens SINEC NMS
CISA2024-11-14
Siemens SINEC NMS | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF
cisa.gov
rss
forum
news
Siemens SINEC INS
CISA2024-11-14
Siemens SINEC INS | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF
cisa.gov
rss
forum
news
Mitsubishi Electric MELSEC iQ-F FX5-OPC
CISA2024-10-01
Mitsubishi Electric MELSEC iQ-F FX5-OPC | View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric <
cisa.gov
rss
forum
news
1.693
2024-06-19
1.693 | Newly Added (3)OpenSSL CVE-2024-0727 Out of Bounds Write VulnerabilityOpenSSL CVE-2024-2511 Out of Bounds Write VulnerabilityRockwell Automation FactoryTalk Service Platform CVE-2024-21915 Privilege Escalation Vulnerability
fortiguard.com
rss
forum
news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
AppOpensslopenssl

References

ReferenceLink
[email protected]https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
[email protected]https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
[email protected]https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
[email protected]https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
[email protected]https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
[email protected]https://www.openssl.org/news/secadv/20240125.txt
[email protected]https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
[email protected]https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
[email protected]https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
[email protected]https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
[email protected]https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
[email protected]https://security.netapp.com/advisory/ntap-20240208-0006/
[email protected]https://www.openssl.org/news/secadv/20240125.txt
[email protected]http://www.openwall.com/lists/oss-security/2024/03/11/1
[email protected]https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
[email protected]https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
[email protected]https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
[email protected]https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
[email protected]https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
[email protected]https://security.netapp.com/advisory/ntap-20240208-0006/
[email protected]https://www.openssl.org/news/secadv/20240125.txt

CWE Details

CWE IDCWE NameDescription
CWE-476NULL Pointer DereferenceA NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence