#VU7319 Signature wrapping attack in OSCI-Transport Library - CVE-2017-10669

Cybersecurity Help s.r.o.

Published: 2017-07-05

Vulnerability identifier: #VU7319

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-10669

CWE-ID: CWE-776

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OSCI-Transport Library
Universal components / Libraries / Libraries used by multiple products

Vendor: KoSIT

Description
The vulnerability allows a remote attacker to conduct a signature wrapping attack.

The weakness exists in the encryption library due to XML entity expansion. A remote attacker can move XML elements within the document tree and modify the contents of a signed message arbitrarily without invalidating the signature.

Successful exploitation of the vulnerability results in content modification.

Mitigation
Update to version 1.7.1.

Vulnerable software versions

OSCI-Transport Library: 1.6.1

External links
https://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in KoSIT OSCI-Transport Library