KB45061 - CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Last Modified Date: 4/1/2022 5:16 PM

Problem or Goal

CVE-2022-0778

A vulnerability was reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Description: A flaw was found in OpenSSL. It is possible to trigger an infinite loop in BN_mod_sqrt() by crafting a certificate that has invalid explicit curve parameters; the loop is reached while the certificate is being parsed, before any signature or trust check.

More details can be found in the links below:
https://access.redhat.com/security/cve/cve-2022-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
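As an added example (not part of the Ivanti advisory, and not OpenSSL's or Pulse's own code), the following pure-Python DER walker reports how every EC public key inside a certificate or SubjectPublicKeyInfo blob describes its curve: by a named-curve OID, by implicitlyCA (NULL), or by an explicit ECParameters SEQUENCE. The explicit form is the input shape this CVE is triggered through, so a defender auditing a certificate store, an uploaded server certificate, or client certificates accepted for authentication can use it to flag what needs a closer look while hosts are still on an unfixed OpenSSL (fixed in 1.1.1n and 3.0.2). The sample inputs are constructed inline and are not real keys: a P-256 named-curve SPKI with filler key bytes, and an SPKI whose parameters encode the textbook toy curve y^2 = x^3 + 2x + 2 over F_17 (base point (5,1), order 19) in explicit form.

```python
"""Audit helper for CVE-2022-0778 exposure: find EC keys that use explicit
curve parameters in DER (X.509 certificate or bare SubjectPublicKeyInfo).
Added example, not from the advisory; standard library only."""

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"   # ANSI X9.62 id-ecPublicKey
TAG_OID, TAG_NULL, TAG_SEQUENCE = 0x06, 0x05, 0x30


def _read_tlv(buf: bytes, pos: int) -> tuple:
    """Decode one DER element at buf[pos]; return (tag, constructed?, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not used in X.509")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length (not DER)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, bool(tag & 0x20), buf[pos:end], end


def _decode_oid(value: bytes) -> str:
    """Dotted-string form of an OBJECT IDENTIFIER value."""
    if not value:
        raise ValueError("empty OID")
    first = value[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of this arc
            arcs.append(acc)
            acc = 0
    if len(value) > 1 and value[-1] & 0x80:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)


def _walk(value: bytes):
    """Yield the child list of every constructed node, depth first."""
    kids, pos = [], 0
    while pos < len(value):
        tag, constructed, inner, pos = _read_tlv(value, pos)
        kids.append((tag, constructed, inner))
    yield kids
    for _, constructed, inner in kids:
        if constructed:
            yield from _walk(inner)


def classify_ec_parameters(der: bytes) -> list:
    """One label per id-ecPublicKey AlgorithmIdentifier found anywhere in `der`."""
    labels = []
    for kids in _walk(der):
        if len(kids) < 2 or kids[0][0] != TAG_OID:
            continue
        if _decode_oid(kids[0][2]) != ID_EC_PUBLIC_KEY:
            continue
        ptag, _, pval = kids[1]             # the AlgorithmIdentifier.parameters element
        if ptag == TAG_OID:
            labels.append("namedCurve:" + _decode_oid(pval))
        elif ptag == TAG_NULL:
            labels.append("implicitlyCA")
        elif ptag == TAG_SEQUENCE:
            labels.append("explicit")       # the shape that reaches BN_mod_sqrt()
        else:
            labels.append(f"unknown(0x{ptag:02x})")
    return labels


def uses_explicit_curve(der: bytes) -> bool:
    """True if any EC key in `der` carries explicit curve parameters."""
    return "explicit" in classify_ec_parameters(der)


# --- constructed sample inputs (toy values, not real certificates or keys) ---
def _tlv(tag: int, payload: bytes) -> bytes:
    assert len(payload) < 128               # short-form length is enough here
    return bytes([tag, len(payload)]) + payload


def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(TAG_OID, bytes(body))


# prime256v1 by name; the BIT STRING key bytes are filler, not a real point
SPKI_NAMED = _tlv(TAG_SEQUENCE,
    _tlv(TAG_SEQUENCE, _oid(ID_EC_PUBLIC_KEY) + _oid("1.2.840.10045.3.1.7"))
    + _tlv(0x03, b"\x00\x04" + b"\x05" * 32 + b"\x0a" * 32))

# explicit ECParameters for the toy curve y^2 = x^3 + 2x + 2 over F_17
_EXPLICIT_PARAMS = _tlv(TAG_SEQUENCE,
    _tlv(0x02, b"\x01")                                                   # version 1
    + _tlv(TAG_SEQUENCE, _oid("1.2.840.10045.1.1") + _tlv(0x02, b"\x11"))  # prime-field, p=17
    + _tlv(TAG_SEQUENCE, _tlv(0x04, b"\x02") + _tlv(0x04, b"\x02"))        # a=2, b=2
    + _tlv(0x04, b"\x04\x05\x01")                                         # base point (5,1)
    + _tlv(0x02, b"\x13"))                                                # order 19
SPKI_EXPLICIT = _tlv(TAG_SEQUENCE,
    _tlv(TAG_SEQUENCE, _oid(ID_EC_PUBLIC_KEY) + _EXPLICIT_PARAMS)
    + _tlv(0x03, b"\x00\x04\x05\x01"))

if __name__ == "__main__":
    for name, blob in (("named", SPKI_NAMED), ("explicit", SPKI_EXPLICIT)):
        print(name, classify_ec_parameters(blob), "FLAG" if uses_explicit_curve(blob) else "ok")
```

Because the walker recurses through every constructed node, the same call works on a whole DER certificate (`classify_ec_parameters(open("cert.der", "rb").read())`), where the AlgorithmIdentifier sits inside tbsCertificate.subjectPublicKeyInfo; it does not descend into the OCTET STRING bodies of extensions, so it will not be confused by DER nested there. The check is deliberately structural: it does not validate the curve itself, only whether a parser would be handed explicit parameters at all, which is the safe thing to refuse until the affected OpenSSL is replaced.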

 

Solution
Ivanti Pulse Engineering teams are investigating these vulnerabilities. For the results of the investigations and further details, refer to the chart below.
Columns: Product / Description / Impacted / Remediation

Product: Pulse Secure Virtual Traffic Manager
Description: Although the affected library is present and used, the affected function is not used.
Impacted: Not Affected
Remediation: N/A

Product: Pulse Secure Services Director
Description: It may be possible for an attacker to use a specially crafted certificate to trigger this issue in the SSH server (via certificate-based authentication). Administrators can trigger this by updating the server certificate with a specially crafted certificate.
Impacted: 21.1R1 and below
Remediation: Upgrade to 21.1R2

Product: Pulse Secure Web Application Firewall
Impacted: Under Investigation
Remediation: Under Investigation

Product: Pulse Connect Secure
Description: This vulnerability will show up when parsing certificates regardless of the type of certificate the server is expecting to receive (i.e. RSA, Elliptic Curve, etc.).
  Case 1: An attacker sends a maliciously crafted certificate and certain conditions are met in the user authentication or authorization process that require the PCS server to attempt to read the certificate.
  Case 2: The PCS acts as the client when connecting to another server, and that server uses a maliciously crafted certificate for the TLS negotiation.
Impacted: 9.1R14 and below
Remediation: Upgrade to 9.1R14.1 or 9.1R13.2 (*see below for more version info)

Product: Ivanti Connect Secure (ICS)
Impacted: 21.12R1.0 and below
Remediation: Upgrade to 22.1R1.0 (*see below for more version info)

Product: Pulse Policy Secure
Description: This vulnerability will show up when parsing certificates regardless of the type of certificate the server is expecting to receive (i.e. RSA, Elliptic Curve, etc.).
  Case 1: An end-user RADIUS client attacks the PPS server using a crafted client certificate when EAP-TLS authentication is used.
  Case 2: PPS can be compromised when it deals with any external complementary TLS service that uses a compromised/crafted server certificate.
Impacted: 9.1R14 and below
Remediation: Upgrade to 9.1R14.1 or 9.1R13.2 (*see below for more version info)

Product: Pulse Desktop Client
Description: This would be a secondary attack after a complex attack in which an attacker is able to get client machines with the PDC to attempt to connect to their server. If successful, the impact would be user machine restarts.
Impacted: 9.1R14 and below
Remediation: Upgrade to 9.1R15 (*see below for more info)

Product: Pulse Mobile Client
Impacted: Under Investigation
Remediation: Under Investigation

Product: Pulse One
Description: This vulnerability will show up when parsing certificates that contain elliptic curve public keys.
Impacted: 2.0.2104 and below
Remediation: Upgrade to 2.0.2201

Product: Pulse ZTA
Impacted: Under Investigation
Remediation: Under Investigation

Product: Ivanti Neurons for ZTA
Impacted: Under Investigation
Remediation: Under Investigation

Product: Ivanti Neurons for Secure Access
Impacted: Under Investigation
Remediation: Under Investigation
*Additional Notes: To obtain any of the upgrade versions for remediation mentioned above, go to the Licensing and Download section at https://my.pulsesecure.net.
- 9.1R15 for PCS has been released and is available in the Licensing and Download section at https://my.pulsesecure.net
- 9.1R14 for PCS has been released and is available in the Licensing and Download section at https://my.pulsesecure.net
- 9.1R13.2 for PCS has been released and is available in the Licensing and Download section at https://my.pulsesecure.net
- 22.1R1.0 for ICS has been released and is available in the Licensing and Download section at https://my.pulsesecure.net
- 9.1R15 for Pulse Desktop Client has been released and is available in the Licensing and Download section at https://my.pulsesecure.net

Document History:
March 26th - VADC updated as not impacted
March 28th - Remaining product investigation is still ongoing and being treated as our top priority. More updates will be provided this week as we continue our internal investigations.
March 31st - Updated impact for PCS and patch released for PCS 9.1R14.1
Created By: Asutosh Dash