Sid 1-47820

Message

SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt

Summary

This event is generated when an attacker attempts to exploit a NULL pointer dereference vulnerability present in OpenSSL.

Impact

Detection of a Denial of Service Attack

CVE-2017-3730:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

Rule checks for attempts to exploit a NULL pointer dereference vulnerability present in OpenSSL. CVE-2017-3730: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Affected systems

  • openssl openssl 1.1.0
  • openssl openssl 1.1.0a
  • openssl openssl 1.1.0b
  • openssl openssl 1.1.0c
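
An added example, not part of the rule documentation: a client-inventory check that classifies OpenSSL version banners against the affected range above (1.1.0 through 1.1.0c, with 1.1.0d as the first fixed release per the CVE text). The function names, host names and banner strings are constructed for illustration; builds carrying a pre-release or vendor tag are reported as undetermined because the page does not list them.

```python
import re

# Affected per the page: "OpenSSL 1.1.0 before 1.1.0d" (1.1.0, 1.1.0a, 1.1.0b, 1.1.0c).
AFFECTED_BASE = (1, 1, 0)
FIRST_FIXED_LETTER = "d"

# major.minor.fix, optional patch letter(s), optional "-tag" (e.g. -pre6, -fips).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)(-[A-Za-z0-9]+)?")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter, tag), or None if no version is found."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    base = tuple(int(part) for part in m.group(1, 2, 3))
    return base, m.group(4), m.group(5) or ""


def is_affected(banner):
    """True/False for a clear answer, None when the banner needs manual review."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, letter, tag = parsed
    if base != AFFECTED_BASE:
        return False      # other release lines are not listed on the page
    if tag:
        return None       # pre-release or vendor build: not covered by the page
    # An empty letter (plain 1.1.0) sorts before "d", so it is affected too.
    return letter < FIRST_FIXED_LETTER


def audit(inventory):
    """Map each host to 'affected', 'not affected' or 'review'."""
    labels = {True: "affected", False: "not affected", None: "review"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (host -> output of `openssl version`).
    sample = {
        "build-01": "OpenSSL 1.1.0c  10 Nov 2016",
        "build-02": "OpenSSL 1.1.0d  26 Jan 2017",
        "legacy-01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
        "lab-01": "OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Because the flaw is triggered on the client side of the handshake, run the check against hosts that initiate TLS connections, not only against servers.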

Ease of attack

CVE-2017-3730:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References