CVE-2023-2197

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with theCKM_AES_CBC_PAD orCKM_AES_CBC encryption mechanisms.An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vaults root key. Fixed in 1.13.2
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.5 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
HashiCorpCNA
2.5 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
2.5 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
hashicorpvault
1.13.0 ≤
𝑥
< 1.13.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322
https://security.netapp.com/advisory/ntap-20230609-0007/
https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322
https://security.netapp.com/advisory/ntap-20230609-0007/