Vulnerability CVE-2017-17428


Published: 2018-03-05

Description:
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Type: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)

Vendor: Cisco
Product: Webex meetings 
Version: t32; t31;
Product: Adaptive security appliance 5540 firmware 
Version: 9.1(7.16);
Product: Adaptive security appliance 5505 firmware 
Version: 9.1(7.16);
Product: Adaptive security appliance 5520 firmware 
Version: 9.1(7.16);
Product: Adaptive security appliance 5550 firmware 
Version: 9.1(7.16);
Product: Adaptive security appliance 5510 firmware 
Version: 9.1(7.16);
Product: Webex connect im
Version: 7.24.1;
Product: Ace4710 application control engine firmware 
Version:
3.0(0)a5(3.5)
3.0(0)a5(3.0)
3.0(0)a5(2.0)
Product: Ace30 application control engine module firmware 
Version:
3.0(0)a5(3.5)
3.0(0)a5(3.0)
3.0(0)a5(2.0)
Vendor: Cavium
Product: Nitrox ssl sdk 
Version: 6.1.0;
Product: Octeon sdk 
Version: 1.7.2;
Product: Octeon ssl sdk 
Version: 1.5.0;
Product: Nitrox v ssl sdk 
Version: 1.2;
Product: Turbossl sdk 
Version: 1.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:N/A:N)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

References:
http://www.securityfocus.com/bid/102170
http://www.securitytracker.com/id/1039984
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
https://www.cavium.com/security-advisory-cve-2017-17428.html
https://www.kb.cert.org/vuls/id/144389

Copyright 2019, cxsecurity.com

 
