CVE-2016-2181 Vulnerability

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. (CVSS:5.0) (Last Update:2016-09-16)

Vulnerability Details : The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. Publish Date : 2016-09-16 Last Update Date : 2016-09-16 - CVSS Scores & Vulnerability Types CVSS Score 5.0 Confidentiality Impact None(There is no impact to the confidentiality of the system.) Integrity Impact None(There is no impact to the integrity of the system) Availability Impact Partial(There is reduced performance or interruptions in resource availability.) Access Complexity Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Denial Of Service CWE ID 189 - Products Affected By CVE-2016-2181 # Product Type Vendor Product Version Update Edition Language 1 Application Openssl Openssl 1.0.2h Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Openssl Openssl 1 - References For CVE-2016-2181 https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770 CONFIRM

- Metasploit Modules Related To CVE-2016-2181 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)