CVE-2023-2197 - OpenCVE

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hashicorp	Vault

Configuration 1 [-]

cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322	Mitigation Vendor Advisory
https://security.netapp.com/advisory/ntap-20230609-0007/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-05-01T19:41:17.600Z

Updated: 2023-05-01T19:41:17.600Z

Reserved: 2023-04-20T19:03:10.324Z

Link: CVE-2023-2197

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-01T20:15:14.597

Modified: 2023-06-09T08:15:10.823

Link: CVE-2023-2197

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2197", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-04-20T19:03:10.324Z", "datePublished": "2023-05-01T19:41:17.600Z", "dateUpdated": "2023-05-01T19:41:17.600Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-05-01T19:41:17.600Z"}, "title": "Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-463", "descriptions": [{"lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack"}]}], "affected": [{"vendor": "HashiCorp", "product": "Vault Enterprise", "platforms": ["Windows", "Linux", "x86", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.13.0", "lessThanOrEqual": "1.13.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2"}]}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0007/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"}}], "source": {"discovery": "INTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CE468CF8-6DD1-476A-97CC-9FC0252AE726", "versionEndExcluding": "1.13.2", "versionStartIncluding": "1.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2"}], "id": "CVE-2023-2197", "lastModified": "2023-06-09T08:15:10.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-05-01T20:15:14.597", "references": [{"source": "security@hashicorp.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"}, {"source": "security@hashicorp.com", "url": "https://security.netapp.com/advisory/ntap-20230609-0007/"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "security@hashicorp.com", "type": "Secondary"}]}