Vulnerability Description
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwrt | Openwrt | 15.05.1 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-5102?
CVE-2019-5102 is a vulnerability with a CVSS score of 4.0 (MEDIUM). An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked bu...
How severe is CVE-2019-5102?
CVE-2019-5102 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-5102?
Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Openwrt.