CVE-2022-23408

9.1 CRITICAL

📋 TL;DR

This vulnerability in wolfSSL allows attackers to decrypt TLS/DTLS traffic when using AES-CBC or DES3 without AEAD protection. It affects systems using wolfSSL 5.x before 5.1.1 for TLS 1.1/1.2 or DTLS 1.1/1.2 connections. The issue stems from non-random initialization vectors (IVs) due to misplaced memory initialization.

💻 Affected Systems

Products:
  • wolfSSL embedded SSL/TLS library
Versions: 5.x versions before 5.1.1
Operating Systems: All platforms running vulnerable wolfSSL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects connections using AES-CBC or DES3 without AEAD in TLS 1.1/1.2 or DTLS 1.1/1.2. TLS 1.3 and AEAD modes are not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete decryption of encrypted communications, leading to exposure of sensitive data including credentials, session tokens, and confidential information.

🟠

Likely Case

Man-in-the-middle attackers can decrypt portions of encrypted traffic, potentially compromising data confidentiality in vulnerable connections.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to potential data exposure on affected systems only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires man-in-the-middle position or ability to intercept network traffic. The cryptographic weakness makes decryption feasible for determined attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.1 and later

Vendor Advisory: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022

Restart Required: Yes

Instructions:

1. Download wolfSSL 5.1.1 or later from the official repository.
2. Replace the existing wolfSSL installation.
3. Recompile applications that use wolfSSL.
4. Restart affected services.

🔧 Temporary Workarounds

Disable vulnerable cipher suites

all

Configure wolfSSL to disable AES-CBC and DES3 cipher suites, forcing use of AEAD ciphers

wolfSSL_CTX_set_cipher_list(ctx, "!AES128-SHA:!AES256-SHA:!DES-CBC3-SHA")

Enforce TLS 1.3

all

Configure systems to use only TLS 1.3, which mandates AEAD ciphers

wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3)

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy network monitoring and intrusion detection for suspicious traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check wolfSSL version with wolfSSL_library_version() or examine compiled binaries for version strings

Check Version:

wolfSSL_library_version()

Verify Fix Applied:

Verify version is 5.1.1 or later and test connections to confirm proper IV generation

📡 Detection & Monitoring

Log Indicators:

  • Unusual decryption errors
  • Failed handshakes with specific cipher suites

Network Indicators:

  • Traffic patterns suggesting man-in-the-middle activity
  • Unusual protocol negotiations

SIEM Query:

source="network_traffic" (cipher_suite="*CBC*" OR cipher_suite="*DES3*" OR cipher_suite="*DES-CBC3*") (protocol="TLS1.1" OR protocol="TLS1.2" OR protocol="DTLS1.1" OR protocol="DTLS1.2")

Match on the suite names your logging source actually emits: OpenSSL-style names such as AES128-SHA carry no "CBC" substring, so a wildcard on CBC alone will miss them.
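To apply the advisory's three affected-system conditions (wolfSSL 5.x before 5.1.1, a non-AEAD AES-CBC or DES3 suite, TLS 1.1/1.2 or DTLS 1.1/1.2) across a TLS inventory export rather than one connection at a time, here is an added Python triage script; it is not part of this page or of wolfSSL, the record field names and sample values are constructed, and suite names follow the OpenSSL-style naming used in the workaround above.

```python
import re

# Affected conditions as stated in the advisory: wolfSSL 5.x before 5.1.1,
# a non-AEAD AES-CBC or DES3 suite, over TLS 1.1/1.2 or DTLS 1.1/1.2.
FIXED_VERSION = (5, 1, 1)
AFFECTED_PROTOCOLS = {"TLS1.1", "TLS1.2", "DTLS1.1", "DTLS1.2"}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
# OpenSSL-style names omit "CBC" for AES suites (e.g. AES128-SHA), so any
# non-AEAD AES or 3DES suite is treated as CBC mode.
CBC_MARKERS = ("AES", "3DES", "DES3", "CBC3")

def parse_version(text: str) -> tuple:
    """Turn a wolfSSL_library_version() string such as '5.1.0' into an int tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def version_affected(version: str) -> bool:
    v = parse_version(version)
    return v[0] == 5 and v < FIXED_VERSION

def cipher_affected(suite: str) -> bool:
    """True for CBC/DES3 suites; any AEAD mode (GCM, CCM, ChaCha20) is exempt."""
    s = suite.upper()
    if any(marker in s for marker in AEAD_MARKERS):
        return False
    return any(marker in s for marker in CBC_MARKERS)

def connection_affected(record: dict) -> bool:
    """All three advisory conditions must hold for a connection to be exposed."""
    return (version_affected(record["wolfssl_version"])
            and record["protocol"] in AFFECTED_PROTOCOLS
            and cipher_affected(record["cipher_suite"]))

def triage(records) -> list:
    """Return the ids of the connections that meet every affected condition."""
    return [r["conn_id"] for r in records if connection_affected(r)]

# Constructed sample records (hypothetical field names) in the shape a TLS
# inventory or log export might produce.
SAMPLE_RECORDS = [
    {"conn_id": "c1", "wolfssl_version": "5.1.0", "protocol": "TLS1.2", "cipher_suite": "AES256-SHA"},
    {"conn_id": "c2", "wolfssl_version": "5.1.0", "protocol": "TLS1.2", "cipher_suite": "ECDHE-RSA-AES128-GCM-SHA256"},
    {"conn_id": "c3", "wolfssl_version": "5.1.0", "protocol": "TLS1.3", "cipher_suite": "TLS13-AES128-GCM-SHA256"},
    {"conn_id": "c4", "wolfssl_version": "5.1.1", "protocol": "TLS1.2", "cipher_suite": "DES-CBC3-SHA"},
    {"conn_id": "c5", "wolfssl_version": "5.0.0", "protocol": "DTLS1.2", "cipher_suite": "DES-CBC3-SHA"},
    {"conn_id": "c6", "wolfssl_version": "4.8.1", "protocol": "TLS1.1", "cipher_suite": "AES128-SHA"},
]
```

Running `triage(SAMPLE_RECORDS)` flags only c1 and c5: c2 and c3 use AEAD suites, c4 is already on the fixed version, and c6 is a 4.x build outside the advisory's range.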
