{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-26306", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-28T13:07:28.637Z", "dateReserved": "2024-02-16T00:00:00.000Z", "datePublished": "2024-05-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-20T04:20:40.211Z"}, "descriptions": [{"lang": "en", "value": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/esnet/iperf/releases/tag/3.17"}, {"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"}, {"url": "https://www.insyde.com/security-pledge/SA-2024005"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/esnet/iperf/releases/tag/3.17", "tags": ["x_transferred"]}, {"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20250228-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-28T13:07:28.637Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-385", "lang": "en", "description": "CWE-385 Covert Timing Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T18:32:36.929056Z", "id": "CVE-2024-26306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T22:47:01.564Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/esnet/iperf/releases/tag/3.17", "tags": ["x_transferred"]}, {"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20250228-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-28T13:07:28.637Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T18:32:36.929056Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-385", "description": "CWE-385 Covert Timing Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T18:32:48.181Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/esnet/iperf/releases/tag/3.17"}, {"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"}, {"url": "https://www.insyde.com/security-pledge/SA-2024005"}], "descriptions": [{"lang": "en", "value": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-20T04:20:40.211Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26306", "state": "PUBLISHED", "dateUpdated": "2025-02-28T13:07:28.637Z", "dateReserved": "2024-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."}, {"lang": "es", "value": "iPerf3 anterior a 3.17, cuando se usa con OpenSSL anterior a 3.2.0 como servidor con autenticaci\u00f3n RSA, permite un canal lateral de temporizaci\u00f3n en las operaciones de descifrado RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante recupere el texto sin formato de las credenciales. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."}], "id": "CVE-2024-26306", "lastModified": "2025-02-28T13:15:26.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T15:08:51.197", "references": [{"source": "cve@mitre.org", "url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"}, {"source": "cve@mitre.org", "url": "https://github.com/esnet/iperf/releases/tag/3.17"}, {"source": "cve@mitre.org", "url": "https://www.insyde.com/security-pledge/SA-2024005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/esnet/iperf/releases/tag/3.17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250228-0007/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-385"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4241", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "iperf3-0:3.5-10.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:9185", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "iperf3-0:3.9-13.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "iperf3: vulnerable to marvin attack if the authentication option is used", "id": "2270270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270270"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-203", "details": ["iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.", "A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26306", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "iperf3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-05-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26306\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26306"], "statement": "The timing-based side-channel flaw in iperf3's handling of the --rsa-private-key-path option represents a moderate severity issue due to its potential impact on the confidentiality and integrity of user authentication. While the vulnerability allows for the exploitation of timing discrepancies to potentially deduce information about the private key, it requires specific conditions to be met for successful exploitation. Additionally, the attack vector is limited to instances where the server is configured with the --rsa-private-key-path option and actively engaged in user authentication. While the risk is significant for servers using this configuration, the broader impact is mitigated by these constraints.", "threat_severity": "Moderate"}