Attacker Value
High
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
4

CVE-2016-2183

Disclosure Date: September 01, 2016
CVE-2016-2183 CVSS v3 Base Score: 7.5
Exploited in the Wild
Reported by Slenthonk
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Initial Access
Techniques
Validation
Validated
Privilege Escalation
Techniques
Validation
Validated

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • cisco,
  • nodejs,
  • openssl,
  • oracle,
  • python,
  • redhat

Products

  • content security management appliance 9.6.6-068,
  • content security management appliance 9.7.0-006,
  • database 11.2.0.4,
  • database 12.1.0.2,
  • enterprise linux 5.0,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • jboss enterprise application platform 6.0.0,
  • jboss enterprise web server 1.0.0,
  • jboss enterprise web server 2.0.0,
  • jboss web server 3.0,
  • node.js,
  • openssl 1.0.1a,
  • openssl 1.0.1b,
  • openssl 1.0.1c,
  • openssl 1.0.1d,
  • openssl 1.0.1e,
  • openssl 1.0.1f,
  • openssl 1.0.1g,
  • openssl 1.0.1h,
  • openssl 1.0.1i,
  • openssl 1.0.1j,
  • openssl 1.0.1k,
  • openssl 1.0.1l,
  • openssl 1.0.1m,
  • openssl 1.0.1n,
  • openssl 1.0.1o,
  • openssl 1.0.1p,
  • openssl 1.0.1q,
  • openssl 1.0.1r,
  • openssl 1.0.1t,
  • openssl 1.0.2a,
  • openssl 1.0.2b,
  • openssl 1.0.2c,
  • openssl 1.0.2d,
  • openssl 1.0.2e,
  • openssl 1.0.2f,
  • openssl 1.0.2h,
  • python

Exploited in the Wild

Reported by:

References

Canonical
CVE-2016-2183 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183)
BID-92630 (http://www.securityfocus.com/bid/92630)
BID-95568 (http://www.securityfocus.com/bid/95568)
Advisory
https://access.redhat.com/errata/RHSA-2017:3113
http://rhn.redhat.com/errata/RHSA-2017-0338.html
GLSA-201612-16 (https://security.gentoo.org/glsa/201612-16)
https://access.redhat.com/errata/RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:2709
https://access.redhat.com/errata/RHSA-2017:3239
GLSA-201701-65 (https://security.gentoo.org/glsa/201701-65)
SECTRACK-1036696 (http://www.securitytracker.com/id/1036696)
GLSA-201707-01 (https://security.gentoo.org/glsa/201707-01)
https://access.redhat.com/errata/RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:1216
https://access.redhat.com/errata/RHSA-2017:2710
[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections (https://www.ietf.org/mail-archive/web/tls/current/msg04560.html)
https://access.redhat.com/errata/RHSA-2018:2123
http://rhn.redhat.com/errata/RHSA-2017-0337.html
https://access.redhat.com/errata/RHSA-2017:2708
http://rhn.redhat.com/errata/RHSA-2017-0336.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
http://rhn.redhat.com/errata/RHSA-2017-0462.html
https://access.redhat.com/errata/RHSA-2019:1245
https://access.redhat.com/errata/RHSA-2019:2859
https://access.redhat.com/errata/RHSA-2020:0451
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://access.redhat.com/articles/2548661
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
http://www.splunk.com/view/SP-CAAAPSV
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases
https://www.tenable.com/security/tns-2016-16
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
https://www.tenable.com/security/tns-2016-21
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
https://www.openssl.org/blog/blog/2016/08/24/sweet32
https://access.redhat.com/security/cve/cve-2016-2183
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.netapp.com/advisory/ntap-20160915-0001
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://bto.bluecoat.com/security-advisory/sa133
https://www.tenable.com/security/tns-2017-09
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
https://security.netapp.com/advisory/ntap-20170119-0001
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://security.netapp.com/advisory/ntap-20160915-0001/
https://security.netapp.com/advisory/ntap-20170119-0001/
EXPLOIT-DB-42091 (https://www.exploit-db.com/exploits/42091/)
https://wiki.opendaylight.org/view/Security_Advisories
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
SUSE-SU-2017:2700 (http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html)
20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities (http://www.securityfocus.com/archive/1/540341/100/0/threaded)
USN-3087-1 (http://www.ubuntu.com/usn/USN-3087-1)
SUSE-SU-2016:2469 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
openSUSE-SU-2016:2537 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html)
20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded)
USN-3087-2 (http://www.ubuntu.com/usn/USN-3087-2)
20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded)
https://kc.mcafee.com/corporate/index?page=content&id=SB10197
https://kc.mcafee.com/corporate/index?page=content&id=SB10186
SUSE-SU-2017:2699 (http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html)
20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
openSUSE-SU-2016:2407 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html)
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities (http://seclists.org/fulldisclosure/2017/Jul/31)
USN-3194-1 (http://www.ubuntu.com/usn/USN-3194-1)
SUSE-SU-2016:2458 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html)
20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information (https://seclists.org/bugtraq/2018/Nov/21)
https://support.f5.com/csp/article/K13167034
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/542005/100/0/threaded)
DSA-3673 (http://www.debian.org/security/2016/dsa-3673)
openSUSE-SU-2016:2391 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html)
USN-3372-1 (http://www.ubuntu.com/usn/USN-3372-1)
openSUSE-SU-2018:0458 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html)
SUSE-SU-2017:0460 (http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html)
SUSE-SU-2017:0490 (http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html)
USN-3270-1 (http://www.ubuntu.com/usn/USN-3270-1)
20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information (http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded)
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
SUSE-SU-2016:2387 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html)
20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities (http://seclists.org/fulldisclosure/2017/May/105)
openSUSE-SU-2017:0513 (http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/539885/100/0/threaded)
openSUSE-SU-2017:0374 (http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
SUSE-SU-2016:2468 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html)
SUSE-SU-2017:0346 (http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html)
openSUSE-SU-2016:2496 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html)
USN-3198-1 (http://www.ubuntu.com/usn/USN-3198-1)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information (http://www.securityfocus.com/archive/1/541104/100/0/threaded)
SUSE-SU-2017:1444 (http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html)
SUSE-SU-2016:2394 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html)
20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities (http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded)
USN-3179-1 (http://www.ubuntu.com/usn/USN-3179-1)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Miscellaneous
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://sweet32.info
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
https://www.sigsac.org/ccs/CCS2016/accepted-papers
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack
https://sweet32.info/
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://access.redhat.com/errata/RHBA-2019:2581
https://access.redhat.com/errata/RHSA-2016:1940
https://access.redhat.com/errata/RHSA-2017:0336
https://access.redhat.com/errata/RHSA-2017:0337
https://access.redhat.com/errata/RHSA-2017:0338
https://access.redhat.com/errata/RHSA-2017:0462
https://access.redhat.com/errata/RHSA-2020:3842
https://access.redhat.com/errata/RHSA-2021:0308
https://access.redhat.com/errata/RHSA-2021:2438
https://access.redhat.com/security/cve/CVE-2016-2183

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis