CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Zephyr RTOS sockets created with IPPROTO_TLS_1_3 can negotiate TLS 1.2 connections when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS's minimum-version enforcement. Applications that explicitly request TLS 1.3 may therefore fall back to TLS 1.2 silently, exposing them to weaknesses that TLS 1.3 was designed to remove, such as POODLE-style padding-oracle attacks on legacy CBC cipher suites and truncation attacks. A remote, unauthenticated attacker positioned on the network can trigger the fallback by downgrading the protocol version during the TLS handshake.
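The check the Zephyr entry describes as missing is a client-side one: if the application asked for TLS 1.3, the client must refuse a ServerHello that negotiates anything lower, whatever the lower layer's Kconfig permits. The following is an added example, not Zephyr or mbedTLS code; it parses a ServerHello record (layout per RFC 5246 and RFC 8446), enforces an application minimum version, and additionally honours the RFC 8446 downgrade sentinel that a TLS 1.3-capable server places in its random when it is pushed down to TLS 1.2. All three ServerHello records are constructed for the example; none is captured from a real server.

```python
"""Client-side check against a TLS 1.3 -> 1.2 downgrade, taken from the ServerHello.

Added example; not Zephyr or mbedTLS code. Record and handshake layout follow
RFC 5246 / RFC 8446. Every ServerHello below is constructed here.
"""
import struct

TLS12, TLS13 = 0x0303, 0x0304
HANDSHAKE, SERVER_HELLO, EXT_SUPPORTED_VERSIONS = 22, 2, 43
# RFC 8446 4.1.3: a TLS 1.3-capable server that negotiates TLS 1.2 sets the last
# 8 bytes of ServerHello.random to this value so that 1.3 clients can detect it.
DOWNGRADE_SENTINEL_TLS12 = bytes.fromhex("444f574e47524401")  # "DOWNGRD\x01"


def parse_server_hello(record: bytes) -> dict:
    """Extract the negotiated version, server random and cipher suite from a ServerHello record."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != HANDSHAKE or body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    legacy_version = struct.unpack("!H", hs[:2])[0]
    random = hs[2:34]
    pos = 35 + hs[34]                       # skip legacy_session_id
    cipher_suite = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 3                                # cipher suite + legacy_compression_method
    negotiated = legacy_version             # TLS 1.2 and below: the version is here ...
    if pos < len(hs):
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos, end = pos + 2, pos + 2 + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            if etype == EXT_SUPPORTED_VERSIONS:  # ... TLS 1.3: it is in supported_versions
                negotiated = struct.unpack("!H", hs[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return {"version": negotiated, "random": random, "cipher_suite": cipher_suite}


def check_server_hello(record: bytes, min_version: int, offered_max: int = TLS13) -> int:
    """Enforce the application's minimum version; raise instead of silently continuing."""
    sh = parse_server_hello(record)
    if sh["version"] < min_version:
        raise ValueError(f"negotiated 0x{sh['version']:04x} < required 0x{min_version:04x}")
    if offered_max >= TLS13 and sh["version"] == TLS12 and sh["random"].endswith(DOWNGRADE_SENTINEL_TLS12):
        raise ValueError("server signalled a TLS 1.3 -> 1.2 downgrade (RFC 8446 sentinel)")
    return sh["version"]


def client_accepts(record: bytes, min_version: int, offered_max: int = TLS13) -> bool:
    """True if a client with this policy would continue the handshake."""
    try:
        check_server_hello(record, min_version, offered_max)
        return True
    except ValueError:
        return False


def build_server_hello(version: int, random: bytes) -> bytes:
    """Constructed ServerHello record: TLS 1.3 carries supported_versions, TLS 1.2 does not."""
    suite = 0x1301 if version == TLS13 else 0xC02F  # TLS_AES_128_GCM_SHA256 / ECDHE-RSA-AES128-GCM-SHA256
    hs = struct.pack("!H", TLS12) + random + b"\x00" + struct.pack("!HB", suite, 0)
    if version == TLS13:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13)
        hs += struct.pack("!H", len(ext)) + ext
    handshake = bytes([SERVER_HELLO]) + len(hs).to_bytes(3, "big") + hs
    return struct.pack("!BHH", HANDSHAKE, TLS12, len(handshake)) + handshake


# Three constructed server responses to a client that offered TLS 1.3 (and 1.2).
HONEST_TLS13 = build_server_hello(TLS13, b"\x11" * 32)
PLAIN_TLS12 = build_server_hello(TLS12, b"\x22" * 32)                                   # TLS 1.2-only server
DOWNGRADED_TLS12 = build_server_hello(TLS12, b"\x33" * 24 + DOWNGRADE_SENTINEL_TLS12)  # 1.3 server pushed to 1.2

if __name__ == "__main__":
    for name, rec in [("honest 1.3", HONEST_TLS13), ("plain 1.2", PLAIN_TLS12), ("downgraded 1.2", DOWNGRADED_TLS12)]:
        print(f"{name:15s} min=1.3 -> {client_accepts(rec, TLS13)}   min=1.2 -> {client_accepts(rec, TLS12)}")
```

The PLAIN_TLS12 case with min_version=TLS13 is the Zephyr situation: the server is simply a TLS 1.2 server, and a client whose effective minimum is still TLS 1.2 (because the socket-level request never reached mbedTLS) continues, whereas one that enforces the requested minimum aborts. The sentinel check covers the other path, an active attacker forcing a TLS 1.3-capable server down to 1.2.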
A cryptographic algorithm downgrade in the caching layer of the AWS Encryption SDK for Python allows an authenticated local attacker to bypass key commitment policy enforcement through a shared key cache, so that a single ciphertext can be decrypted to multiple different plaintexts. Affected SDK versions are 2.x up to 2.5.1, 3.x up to 3.3.0 and 4.x up to 4.0.4. AWS has released patched versions (3.3.1, 4.0.5 and later). Exploitation requires local access and authenticated credentials, and no public exploit is known.
Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when an attacker downgrades the encryption negotiated in the TDS7 PreLogin exchange, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High): network attack vector, no privileges or user interaction required. Reported by CISA ICS-CERT, indicating an industrial/physical security context. EPSS and KEV status are not provided in the available data.
OpenSSL and Microsoft products using the 'DEFAULT' keyword in TLS 1.3 key exchange group configurations may negotiate weaker cryptographic groups than intended, allowing network-based attackers to potentially downgrade the security of encrypted connections without authentication or user interaction. This affects servers that combine default group lists with custom configurations, particularly impacting hybrid post-quantum key exchange implementations where clients defer group selection. A patch is available to remediate this high-severity confidentiality risk.
The psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. Rated low severity (CVSS 2.3); the vulnerability requires no authentication and has low attack complexity.
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
The SIMPLE.ERP client accepts an MS SQL (TDS) protocol encryption downgrade requested by the server side, which can leave the connection unencrypted and vulnerable to data interception and modification. Rated high severity (CVSS 8.3); the vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch is available.
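Both the Anviz CrossChex and the SIMPLE.ERP entries are the same TDS weakness: the client lets the server's PreLogin ENCRYPTION option decide whether the LOGIN7 packet (which carries the database credentials) is protected, so an active attacker who rewrites that one byte to ENCRYPT_NOT_SUP gets the credentials in the clear. The following is an added example, not code from Anviz, SIMPLE.ERP or any SQL Server driver. It builds and parses PRELOGIN packets (packet type 0x12, option table of token/offset/length triplets ending in 0xFF, ENCRYPTION token 0x01, per MS-TDS), performs the in-flight rewrite an attacker would, and contrasts a permissive client with one that requires encryption. The negotiation outcomes are a simplified model of the MS-TDS result table covering only the cases relevant to the downgrade; that simplification and all packets are this example's own construction.

```python
"""TDS7 PreLogin encryption negotiation: permissive client vs. hardened client.

Added example; not code from Anviz, SIMPLE.ERP or any SQL Server driver.
Packet layout per MS-TDS. The outcome table in negotiate() is a simplified
model (assumption) covering only the downgrade-relevant cases. All packets
are constructed here; nothing is captured from a real server.
"""
import struct

PRELOGIN = 0x12
TOK_VERSION, TOK_ENCRYPTION, TOK_TERMINATOR = 0x00, 0x01, 0xFF
ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP, ENCRYPT_REQ = 0x00, 0x01, 0x02, 0x03
SAMPLE_VERSION = b"\x0c\x00\x07\xd0\x00\x00"  # constructed VERSION option value


def build_prelogin(encryption: int, version: bytes = SAMPLE_VERSION) -> bytes:
    """Build a PRELOGIN packet carrying VERSION and ENCRYPTION options."""
    options = [(TOK_VERSION, version), (TOK_ENCRYPTION, bytes([encryption]))]
    table_len = 5 * len(options) + 1          # token/offset/length triplets + terminator
    table, data = b"", b""
    for token, value in options:
        table += struct.pack("!BHH", token, table_len + len(data), len(value))  # offsets are payload-relative
        data += value
    payload = table + bytes([TOK_TERMINATOR]) + data
    # 8-byte header: type, status (EOM), length incl. header, SPID, packet id, window
    header = struct.pack("!BBHHBB", PRELOGIN, 0x01, 8 + len(payload), 0, 1, 0)
    return header + payload


def parse_prelogin_options(packet: bytes) -> dict:
    """Return {token: value} from a PRELOGIN packet's option table."""
    ptype, _status, length = struct.unpack("!BBH", packet[:4])
    if ptype != PRELOGIN or length != len(packet):
        raise ValueError("malformed PRELOGIN packet")
    payload, options, pos = packet[8:], {}, 0
    while payload[pos] != TOK_TERMINATOR:
        token, offset, opt_len = struct.unpack("!BHH", payload[pos:pos + 5])
        options[token] = payload[offset:offset + opt_len]
        pos += 5
    return options


def mitm_downgrade(server_packet: bytes) -> bytes:
    """Rewrite the server's ENCRYPTION byte in flight to ENCRYPT_NOT_SUP, as an active attacker would."""
    payload, pos = bytearray(server_packet[8:]), 0
    while payload[pos] != TOK_TERMINATOR:
        token, offset, _ = struct.unpack("!BHH", payload[pos:pos + 5])
        if token == TOK_ENCRYPTION:
            payload[offset] = ENCRYPT_NOT_SUP
        pos += 5
    return server_packet[:8] + bytes(payload)


def negotiate(client_enc: int, server_packet: bytes, require_encryption: bool) -> str:
    """Decide what the client does after the server's PRELOGIN response.

    Returns 'full', 'login_only' or 'none'. 'none' means LOGIN7, credentials
    included, is sent in the clear: the outcome the two advisories describe.
    Raises when the hardened policy (require_encryption) forbids the outcome.
    """
    server_enc = parse_prelogin_options(server_packet)[TOK_ENCRYPTION][0]
    if server_enc in (ENCRYPT_ON, ENCRYPT_REQ):
        outcome = "full"
    elif server_enc == ENCRYPT_OFF:
        outcome = "login_only" if client_enc != ENCRYPT_NOT_SUP else "none"
    elif server_enc == ENCRYPT_NOT_SUP:
        outcome = "none"                      # permissive client simply carries on unencrypted
    else:
        raise ValueError(f"unknown ENCRYPTION value 0x{server_enc:02x}")
    if require_encryption and outcome != "full":
        raise ValueError(f"server offered {outcome!r} encryption; refusing to send LOGIN7")
    return outcome


def client_accepts(client_enc: int, server_packet: bytes, require_encryption: bool) -> bool:
    """True if a client with this policy would proceed to LOGIN7."""
    try:
        negotiate(client_enc, server_packet, require_encryption)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    honest = build_prelogin(ENCRYPT_ON)       # server that supports encryption
    tampered = mitm_downgrade(honest)         # same response after the attacker's rewrite
    print("honest, permissive :", negotiate(ENCRYPT_OFF, honest, require_encryption=False))
    print("tampered, permissive:", negotiate(ENCRYPT_OFF, tampered, require_encryption=False))
    print("tampered, hardened  :", client_accepts(ENCRYPT_OFF, tampered, require_encryption=True))
```

The fix on the client side is the `require_encryption` branch: treat anything other than a fully encrypted session as a hard failure before LOGIN7 is sent, rather than letting the server (or whoever is speaking for it) choose. Mainstream SQL Server drivers expose this as an "encrypt" or equivalent connection option; what the two advisories report is software that leaves the permissive path in force.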