CVE-2018-11058 : Security Advisory and Response

Learn about CVE-2018-11058 affecting RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition. Find out the impact, affected versions, and mitigation steps for this Buffer Over-Read vulnerability.

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition have vulnerabilities related to Buffer Over-Read when analyzing ASN.1 data.

Understanding CVE-2018-11058

What is CVE-2018-11058?

Versions of RSA BSAFE Micro Edition Suite prior to 4.0.11 and 4.1.6, as well as RSA BSAFE Crypto-C Micro Edition before 4.0.5.3, are susceptible to a Buffer Over-Read vulnerability when processing ASN.1 data.

The Impact of CVE-2018-11058

The vulnerability allows a remote attacker to use specially crafted ASN.1 data to trigger a Buffer Over-Read.

Technical Details of CVE-2018-11058

Vulnerability Description

The vulnerability in RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition arises from improper handling of ASN.1 data, resulting in a Buffer Over-Read.
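
In ASN.1 parsers generally, an over-read happens when a length field in the encoding is trusted over the number of bytes actually left in the buffer. The C code below is an added example of the defensive check. It is not RSA BSAFE code and not from the advisory, which does not say where in the library the flaw lies. `der_tlv`, `der_read_tlv` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct { uint8_t tag; const uint8_t *value; size_t value_len; } der_tlv;

/* Constructed samples: a well-formed OCTET STRING, and one whose length
 * octet claims 0x7f content bytes while only two follow. */
static const uint8_t sample_ok[]  = { 0x04, 0x02, 0xaa, 0xbb };
static const uint8_t sample_bad[] = { 0x04, 0x7f, 0xaa, 0xbb };

/* Parse one DER TLV from buf[0..len). Returns 0 on success, -1 on malformed
 * input. Every read is preceded by a check against the bytes remaining. */
int der_read_tlv(const uint8_t *buf, size_t len, der_tlv *out)
{
    size_t pos = 0, vlen = 0;
    if (buf == NULL || out == NULL || len < 2)
        return -1;                      /* need at least tag + length */
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)
        return -1;                      /* multi-byte tags: out of scope here */
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        vlen = first;                   /* short form */
    } else {
        size_t n = first & 0x7f;        /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t))
            return -1;                  /* indefinite length, or too wide */
        if (n > len - pos || buf[pos] == 0)
            return -1;                  /* truncated, or non-minimal length */
        for (size_t i = 0; i < n; i++)
            vlen = (vlen << 8) | buf[pos++];
        if (vlen < 0x80)
            return -1;                  /* DER requires the short form here */
    }
    /* The check an over-reading parser omits: declared length against bytes
     * left. Written as a subtraction so it cannot wrap. */
    if (vlen > len - pos)
        return -1;
    out->value = buf + pos;
    out->value_len = vlen;
    return 0;
}

int main(void)
{
    der_tlv t;
    return (der_read_tlv(sample_ok, sizeof sample_ok, &t) == 0 &&
            der_read_tlv(sample_bad, sizeof sample_bad, &t) == -1) ? 0 : 1;
}
```
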

Affected Systems and Versions

        RSA BSAFE Micro Edition Suite versions prior to 4.0.11 and 4.1.6
        RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Availability Impact: High
        Base Score: 7.5 (High)

Mitigation and Prevention

Immediate Steps to Take

        Update RSA BSAFE Micro Edition Suite to version 4.0.11 or 4.1.6 or higher, and RSA BSAFE Crypto-C Micro Edition to version 4.0.5.3 or higher.
        Monitor network traffic for any suspicious activity related to ASN.1 data.

Long-Term Security Practices

        Regularly apply security patches and updates to mitigate potential vulnerabilities.

Patching and Updates

        Stay informed about security advisories and patches released by RSA to address known vulnerabilities.
