Full Report
Usage of SSLv2 and SSLv3 contain cryptographic weaknesses and cause data decryption.
Analysis Summary
# Vulnerability: Cryptographic Weakness in SSLv2/SSLv3 Usage on Kraftway Router
## CVE Details
- CVE ID: CVE-2018-15355
- CVSS Score: 7.5 (High) (Based on CVSS v3.1 calculation: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- CWE: Weak Cryptographic Protocol
## Affected Systems
- Products: Kraftway-24F2XG Router
- Versions: Firmware version 3.5.30.1118 and earlier.
- Configurations: Any configuration utilizing SSLv2 or SSLv3 protocols.
## Vulnerability Description
The affected device utilizes the outdated and cryptographically weak SSLv2 and SSLv3 protocols. The usage of these protocols exposes data to decryption attacks, making data transmitted over these sessions inherently insecure.
## Exploitation
- Status: Existence of exploit currently unknown.
- Complexity: Low. The attack complexity metrics suggest a low barrier to entry for exploitation (Attack Complexity: Low, User Interaction: None).
- Attack Vector: Network.
## Impact
- Confidentiality: High (Data decryption is possible).
- Integrity: None
- Availability: None
## Remediation
### Patches
- Update firmware to version **3.5.47-315-gef7** or higher.
### Workarounds
- No specific vendor workarounds were listed other than applying the patch. Disabling SSLv2 and SSLv3 protocols across the system, if possible through configuration, would serve as an effective mitigation.
## Detection
- Indicators of compromise are not explicitly listed, but monitoring network traffic for connections utilizing SSLv2 or SSLv3 protocols against the affected device would indicate potential exposure.
- Detection methods would involve protocol analysis of network sessions directed to the router's management interface.
## References
- Vendor Advisory: KLCERT-18-011
- Relevant links - defanged:
- https://ics-cert.kaspersky.com/advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/