CVE-2023-4807 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-4807 is a high-severity vulnerability affecting the POLY1305 MAC message authentication code implementation in OpenSSL, commonly used in TLS protocol versions 1.2 and 1.3. The consequences can range from no impact to complete control of the application process by an attacker. Systems affected include those running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, and 3.1.0 to 3.1.3.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-4807 vulnerability, you'll need to check if your system is running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, or 3.1.0 to 3.1.3. This issue mainly impacts applications on Windows 64 platforms with newer X86\_64 processors supporting AVX512-IFMA instructions. The vulnerability is related to the POLY1305 MAC implementation, commonly used in TLS protocol versions 1.2 and 1.3. If your system matches these criteria, you may be affected by this high-severity vulnerability.
What should I do if I'm affected?
If you're affected by this vulnerability, it's crucial to take action. First, check if your system runs the affected OpenSSL versions. Next, update your OpenSSL version to include the relevant commit that fixes the issue. If you're using a custom build, apply the changes from the commit to your source code and recompile. This will help mitigate the vulnerability and protect your system.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-4807 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue affects the POLY1305 MAC implementation in OpenSSL and can lead to unauthorized access to sensitive information, data modification, or service disruption. It was added to the catalog on September 8, 2023. There is no specific due date provided, but the required action is to update your OpenSSL version and apply the relevant fixes to mitigate the vulnerability.
Weakness enumeration
The weakness enumeration for this vulnerability is "Insufficient Information", indicating there’s not info on the CVE yet.
For more details
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-4807 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-4807 is a high-severity vulnerability affecting the POLY1305 MAC message authentication code implementation in OpenSSL, commonly used in TLS protocol versions 1.2 and 1.3. The consequences can range from no impact to complete control of the application process by an attacker. Systems affected include those running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, and 3.1.0 to 3.1.3.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-4807 vulnerability, you'll need to check if your system is running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, or 3.1.0 to 3.1.3. This issue mainly impacts applications on Windows 64 platforms with newer X86\_64 processors supporting AVX512-IFMA instructions. The vulnerability is related to the POLY1305 MAC implementation, commonly used in TLS protocol versions 1.2 and 1.3. If your system matches these criteria, you may be affected by this high-severity vulnerability.
What should I do if I'm affected?
If you're affected by this vulnerability, it's crucial to take action. First, check if your system runs the affected OpenSSL versions. Next, update your OpenSSL version to include the relevant commit that fixes the issue. If you're using a custom build, apply the changes from the commit to your source code and recompile. This will help mitigate the vulnerability and protect your system.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-4807 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue affects the POLY1305 MAC implementation in OpenSSL and can lead to unauthorized access to sensitive information, data modification, or service disruption. It was added to the catalog on September 8, 2023. There is no specific due date provided, but the required action is to update your OpenSSL version and apply the relevant fixes to mitigate the vulnerability.
Weakness enumeration
The weakness enumeration for this vulnerability is "Insufficient Information", indicating there’s not info on the CVE yet.
For more details
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-4807 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-4807 is a high-severity vulnerability affecting the POLY1305 MAC message authentication code implementation in OpenSSL, commonly used in TLS protocol versions 1.2 and 1.3. The consequences can range from no impact to complete control of the application process by an attacker. Systems affected include those running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, and 3.1.0 to 3.1.3.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-4807 vulnerability, you'll need to check if your system is running OpenSSL versions 1.1.1 to 1.1.1w, 3.0.0 to 3.0.11, or 3.1.0 to 3.1.3. This issue mainly impacts applications on Windows 64 platforms with newer X86\_64 processors supporting AVX512-IFMA instructions. The vulnerability is related to the POLY1305 MAC implementation, commonly used in TLS protocol versions 1.2 and 1.3. If your system matches these criteria, you may be affected by this high-severity vulnerability.
What should I do if I'm affected?
If you're affected by this vulnerability, it's crucial to take action. First, check if your system runs the affected OpenSSL versions. Next, update your OpenSSL version to include the relevant commit that fixes the issue. If you're using a custom build, apply the changes from the commit to your source code and recompile. This will help mitigate the vulnerability and protect your system.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-4807 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue affects the POLY1305 MAC implementation in OpenSSL and can lead to unauthorized access to sensitive information, data modification, or service disruption. It was added to the catalog on September 8, 2023. There is no specific due date provided, but the required action is to update your OpenSSL version and apply the relevant fixes to mitigate the vulnerability.
Weakness enumeration
The weakness enumeration for this vulnerability is "Insufficient Information", indicating there’s not info on the CVE yet.
For more details
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions