CVE-2023-50923 - Vulnerability Details - OpenCVE

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://arrow.tudublin.ie/nsdcon/2/
https://ieeexplore.ieee.org/document/10427406
https://www.rfc-editor.org/rfc/rfc9000.html

History

Wed, 04 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-352
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-20T00:00:00.000Z

Updated: 2024-12-04T21:02:20.418Z

Reserved: 2023-12-15T00:00:00.000Z

Link: CVE-2023-50923

Vulnrichment

Updated: 2024-08-02T22:23:44.007Z

NVD

Status : Awaiting Analysis

Published: 2024-02-21T00:15:07.597

Modified: 2024-12-04T21:15:19.777

Link: CVE-2023-50923

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-50923", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-04T21:02:20.418Z", "dateReserved": "2023-12-15T00:00:00.000Z", "datePublished": "2024-02-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-20T23:17:09.160Z"}, "descriptions": [{"lang": "en", "value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.rfc-editor.org/rfc/rfc9000.html"}, {"url": "https://ieeexplore.ieee.org/document/10427406"}, {"url": "https://arrow.tudublin.ie/nsdcon/2/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:23:44.007Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rfc-editor.org/rfc/rfc9000.html", "tags": ["x_transferred"]}, {"url": "https://ieeexplore.ieee.org/document/10427406", "tags": ["x_transferred"]}, {"url": "https://arrow.tudublin.ie/nsdcon/2/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-15T20:16:01.121510Z", "id": "CVE-2023-50923", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T21:02:20.418Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rfc-editor.org/rfc/rfc9000.html", "tags": ["x_transferred"]}, {"url": "https://ieeexplore.ieee.org/document/10427406", "tags": ["x_transferred"]}, {"url": "https://arrow.tudublin.ie/nsdcon/2/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:23:44.007Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-50923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-15T20:16:01.121510Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T20:16:52.847Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.rfc-editor.org/rfc/rfc9000.html"}, {"url": "https://ieeexplore.ieee.org/document/10427406"}, {"url": "https://arrow.tudublin.ie/nsdcon/2/"}], "descriptions": [{"lang": "en", "value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-20T23:17:09.160101"}}}, "cveMetadata": {"cveId": "CVE-2023-50923", "state": "PUBLISHED", "dateUpdated": "2024-12-04T21:02:20.418Z", "dateReserved": "2023-12-15T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-20T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""}, {"lang": "es", "value": "En QUIC en RFC 9000, la especificaci\u00f3n Latency Spin Bit (secci\u00f3n 17.4) no restringe estrictamente el valor del bit cuando la caracter\u00edstica est\u00e1 deshabilitada, lo que podr\u00eda permitir a atacantes remotos construir un canal encubierto con datos representados como cambios en el valor del bit. NOTA: \"Sheridan, S., Keane, A. (2015). En Actas de la 14\u00aa Conferencia Europea sobre Guerra Cibern\u00e9tica y Seguridad (ECCWS), Universidad de Hertfordshire, Hatfield, Reino Unido\". El art\u00edculo dice: \"Los protocolos de comunicaci\u00f3n de Internet modernos proporcionan un n\u00famero casi infinito de formas en las que los datos pueden ocultarse o incrustarse en el tr\u00e1fico de red aparentemente normal\"."}], "id": "CVE-2023-50923", "lastModified": "2024-12-04T21:15:19.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-21T00:15:07.597", "references": [{"source": "cve@mitre.org", "url": "https://arrow.tudublin.ie/nsdcon/2/"}, {"source": "cve@mitre.org", "url": "https://ieeexplore.ieee.org/document/10427406"}, {"source": "cve@mitre.org", "url": "https://www.rfc-editor.org/rfc/rfc9000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://arrow.tudublin.ie/nsdcon/2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ieeexplore.ieee.org/document/10427406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.rfc-editor.org/rfc/rfc9000.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}