Rewterz Threat Alert – APT37 aka GoldBackDoor Group – Active IOCs
July 18, 2023Rewterz Threat Advisory – CVE-2023-37463 – Github Vulnerability
July 18, 2023Rewterz Threat Alert – APT37 aka GoldBackDoor Group – Active IOCs
July 18, 2023Rewterz Threat Advisory – CVE-2023-37463 – Github Vulnerability
July 18, 2023Severity
Medium
Analysis Summary
CVE-2023-2975
OpenSSL could allow a remote attacker to bypass security restrictions, caused by AES-SIV cipher implementation. By sending a specially-crafted request using empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-2975
Affected Vendors
OpenSSL
Affected Products
- OpenSSL 1.1.1
- OpenSSL 1.0.2
- OpenSSL 3.0.0
- OpenSSL 3.1.0
- OpenSSL 3.0.9
- OpenSSL 3.1.1
Remediation
Refer to OpenSSL Security Advisory for patch, upgrade or suggested workaround information.