CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc
https://github.com/esnet/iperf/releases/tag/3.17
https://www.insyde.com/security-pledge/SA-2024005
https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc
https://github.com/esnet/iperf/releases/tag/3.17
https://security.netapp.com/advisory/ntap-20250228-0007/

Configurations

No configuration.

History

28 Feb 2025, 13:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20250228-0007/ -

10 Feb 2025, 23:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
CWE		CWE-385

Information

Published : 2024-05-14 15:08

Updated : 2025-02-28 13:15

NVD link : CVE-2024-26306

Mitre link : CVE-2024-26306

CVE.ORG link : CVE-2024-26306

JSON object : View

Products Affected

No product.

CWE

CWE-385

Covert Timing Channel

{"id": "CVE-2024-26306", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-05-14T15:08:51.197", "references": [{"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "source": "cve@mitre.org"}, {"url": "https://github.com/esnet/iperf/releases/tag/3.17", "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2024005", "source": "cve@mitre.org"}, {"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/esnet/iperf/releases/tag/3.17", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250228-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-385"}]}], "descriptions": [{"lang": "en", "value": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."}, {"lang": "es", "value": "iPerf3 anterior a 3.17, cuando se usa con OpenSSL anterior a 3.2.0 como servidor con autenticaci\u00f3n RSA, permite un canal lateral de temporizaci\u00f3n en las operaciones de descifrado RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante recupere el texto sin formato de las credenciales. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."}], "lastModified": "2025-02-28T13:15:26.423", "sourceIdentifier": "cve@mitre.org"}