Vulnerability CVE-2015-5738


Published: 2016-07-26

Description:
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Linux -> Linux kernel 
Fortinet -> Fortios 
Cavium -> Software development kit 
Cavium -> Octeon ii cn6860 
Cavium -> Octeon ii cn6870 
Cavium -> Octeon ii cn6880 

 References:
http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html

Copyright 2020, cxsecurity.com

 

Back to Top