Reset Search
 

 

Article

SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack

« Go Back

Information

 
Product Affected
Problem

CVE-2022-0778    
User-added image

A vulnerability has been reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Description - A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. 

More details can be found in the links below,
https://access.redhat.com/security/cve/cve-2022-0778

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778

Solution


Ivanti Pulse Engineering teams are investigating these vulnerabilities. For results of the investigations and, further details refer to the chart below.
ProductDescriptionImpactedRemediation
Pulse Secure Virtual Traffic ManagerAlthough the affected library is present and used, the affected function is not used.Not AffectedN/A
Pulse Secure Services Director

 

It may be possible for an attacker to use a specially crafted certificate to trigger this issue in the SSH server (via certificate-based authentication).

Administrators can trigger this by updating the server certificate with a specially crafted certificate.

21.1R1 and, belowUpgrade to 21.1R2
Pulse Secure Web Application Firewall.Under InvestigationUnder Investigation
Pulse Connect Secure

This vulnerability will show up when parsing certificates regardless of the type of certificate the server is expecting to receive (I.E. RSA, Elliptic Curve, etc..).

Case 1:When an attacker sends a maliciously crafted certificate and certain conditions are met for the user authentication, or authorization process
that would require the PCS server to attempt to read the certificate.

Case 2:When the PCS acts as the client in connecting to another server and, the server uses a maliciously crafter certificate for the TLS negotiation.

9.1R14 and, belowUpgrade to 9.1R14.1 or 9.1R13.2 (*See below for more version info)
Ivanti Connect Secure (ICS)

 

Under InvestigationUnder Investigation
Pulse Policy Secure

This vulnerability will show up when parsing certificates regardless of the type of certificate the server is expecting to receive (I.E. RSA, Elliptic Curve, etc..).

 

Case 1 : End User Radius Client attacking PPS server using a crafted client certificate when EAP/TLS authentication is used

 

Case 2: PPS can be compromised when it deals with any external complementary TLS service which uses compromised/crafted server certificate

9.1R14 and, belowUpgrade to 9.1R14.1 (*See below for more version info)
Pulse Desktop ClientThis would be a secondary attack after a complex attack where, an attacker is able to get client machines with the PDC to attempt to connect to their server. If successful the impact would be user machine restarts.9.1R14 and, belowUpgrade to 9.1R15
(*See below for more info)
Pulse Mobile Client Under InvestigationUnder Investigation
Pulse OneThis vulnerability will show up when parsing certificates that contain elliptic curve public keys2.0.2104 and, BelowUpgrade to 2.0.2201
Pulse ZTA Under InvestigationUnder Investigation
Ivanti Neurons for ZTA Under InvestigationUnder Investigation
Ivanti Neurons for secure Access Under InvestigationUnder Investigation
*Additional Notes: To gather any of the upgrade versions for remediation mentioned above, go to the Licensing and Download section at https://my.pulsesecure.net.
-  9.1R15 For PCS has been released and is available in the Licensing and, Download section at https://my.pulsesecure.net
-  9.1R14.1 For PCS has been released and is available in the Licensing and, Download section at https://my.pulsesecure.net.
-  9.1R13.2 For PCS has been released and is available in the Licensing and, Download section at https://my.pulsesecure.net 
-  9.1R15 For Pulse Desktop client has been released and is available in the Licensing and, Download section at https://my.pulsesecure.net
Workaround
Implementation
Related Links
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45061/?kA13Z000000L3nb
CVSS Score7.5
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255