cvelistv5 - cve-2017-17428

CVE-2017-17428 (GCVE-0-2017-17428)

Vulnerability from cvelistv5 – Published: 2018-03-05 18:00 – Updated: 2024-08-05 20:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/102170	vdb-entryx_refsource_BID
	https://www.cavium.com/security-advisory-cve-2017…	x_refsource_CONFIRM
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1039984	vdb-entryx_refsource_SECTRACK
	https://www.kb.cert.org/vuls/id/144389	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102170",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102170"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
          },
          {
            "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
          },
          {
            "name": "1039984",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039984"
          },
          {
            "name": "VU#144389",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/144389"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-05T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102170",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102170"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
        },
        {
          "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
        },
        {
          "name": "1039984",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039984"
        },
        {
          "name": "VU#144389",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/144389"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102170",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102170"
            },
            {
              "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
              "refsource": "CONFIRM",
              "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
            },
            {
              "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
            },
            {
              "name": "1039984",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039984"
            },
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/144389"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17428",
    "datePublished": "2018-03-05T18:00:00",
    "dateReserved": "2017-12-05T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.1.0\", \"matchCriteriaId\": \"A8DF06BB-1F8B-4A8B-BA66-028AFF9FA36E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2\", \"matchCriteriaId\": \"274D753A-E022-4E41-9114-0B26A472BB63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.2\", \"matchCriteriaId\": \"7529F21A-0F87-421A-9D96-9B21A11F77D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.0\", \"matchCriteriaId\": \"5ACC7912-4FF4-49FE-B5D8-6CEAEFC25DA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0\", \"matchCriteriaId\": \"E3B94D6A-7AC9-48B6-9A7C-7C8D23F3AFCB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0143CB5D-07F4-4BC3-85C4-5A1A5F10D255\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2CD55EC-37E6-4E00-97CA-CBCA430AA711\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7D55BE2-8399-4B10-9430-BEB0036800C4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(2.0\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24BD18A8-AEAD-459A-9E16-3790BE6543D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(3.0\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD10B359-AB2A-41A6-96D2-C904F705DE7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(3.5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D7F0F7C-295C-4565-B818-FF9FBAB36249\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94E8DDD6-4B63-4430-AF9C-2A9ABCC79E24\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(2.0\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60340950-50AD-47C2-B9CB-2D930D180EF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(3.0\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A4C206B-1375-41BE-8811-E334E7879A29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(3.5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FF73E89-9C67-4A37-B9BC-EC9E17C0E0CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AD4CC24-D2B1-4DEB-85AE-393CDCDD24F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4AA2A28-18CB-4C73-B52A-4DE306B55896\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35954D5D-F767-485F-94AB-0CD8B58F6352\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"337DC063-042E-43AF-810E-8598CCEB2FD6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CCBF299-D6F5-4D00-8616-9EDE7EAFAC28\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07348020-F675-40B9-9477-914ADCB85991\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24537C8-4F9C-4979-BB1A-466ADA6C3FF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21A7DCB5-936E-4039-B798-2B6EF5A148BB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FF7123A-5538-48AF-BD7A-A0D7962CB10E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71174C79-2DC1-4CE7-923D-2EF2D4362CAD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AC84224-8B1A-4D92-9FBD-813F6C857A77\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.\"}, {\"lang\": \"es\", \"value\": \"Los SDK (software development kit) de Cavium Nitrox SSL, Nitrox V SSL y TurboSSL permiten que atacantes remotos descifren datos TLS cifrados aprovechando un or\\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\\u00e9n se conoce como ataque ROBOT.\"}]",
      "id": "CVE-2017-17428",
      "lastModified": "2024-11-21T03:17:55.180",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:N/A:N\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-05T18:29:00.237",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102170\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039984\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cavium.com/security-advisory-cve-2017-17428.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/144389\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/102170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cavium.com/security-advisory-cve-2017-17428.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/144389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17428\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-03-05T18:29:00.237\",\"lastModified\":\"2024-11-21T03:17:55.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.\"},{\"lang\":\"es\",\"value\":\"Los SDK (software development kit) de Cavium Nitrox SSL, Nitrox V SSL y TurboSSL permiten que atacantes remotos descifren datos TLS cifrados aprovechando un or\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\u00e9n se conoce como ataque ROBOT.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"A8DF06BB-1F8B-4A8B-BA66-028AFF9FA36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2\",\"matchCriteriaId\":\"274D753A-E022-4E41-9114-0B26A472BB63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.2\",\"matchCriteriaId\":\"7529F21A-0F87-421A-9D96-9B21A11F77D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.0\",\"matchCriteriaId\":\"5ACC7912-4FF4-49FE-B5D8-6CEAEFC25DA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"E3B94D6A-7AC9-48B6-9A7C-7C8D23F3AFCB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0143CB5D-07F4-4BC3-85C4-5A1A5F10D255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2CD55EC-37E6-4E00-97CA-CBCA430AA711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D55BE2-8399-4B10-9430-BEB0036800C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(2.0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BD18A8-AEAD-459A-9E16-3790BE6543D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(3.0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD10B359-AB2A-41A6-96D2-C904F705DE7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\\\(0\\\\)a5\\\\(3.5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D7F0F7C-295C-4565-B818-FF9FBAB36249\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E8DDD6-4B63-4430-AF9C-2A9ABCC79E24\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(2.0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60340950-50AD-47C2-B9CB-2D930D180EF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(3.0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4C206B-1375-41BE-8811-E334E7879A29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\\\(0\\\\)a5\\\\(3.5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF73E89-9C67-4A37-B9BC-EC9E17C0E0CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AD4CC24-D2B1-4DEB-85AE-393CDCDD24F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4AA2A28-18CB-4C73-B52A-4DE306B55896\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35954D5D-F767-485F-94AB-0CD8B58F6352\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"337DC063-042E-43AF-810E-8598CCEB2FD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CCBF299-D6F5-4D00-8616-9EDE7EAFAC28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07348020-F675-40B9-9477-914ADCB85991\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24537C8-4F9C-4979-BB1A-466ADA6C3FF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21A7DCB5-936E-4039-B798-2B6EF5A148BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF7123A-5538-48AF-BD7A-A0D7962CB10E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\\\(7.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71174C79-2DC1-4CE7-923D-2EF2D4362CAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AC84224-8B1A-4D92-9FBD-813F6C857A77\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102170\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cavium.com/security-advisory-cve-2017-17428.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/102170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cavium.com/security-advisory-cve-2017-17428.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 02/02/2018 : Ajout de l'avis de sécurité Aruba ARUBA-PSA-2018-002]

En 1998, le chercheur Daniel Bleichenbacher a découvert une vulnérabilité dans des implémentations du chiffrement RSA PKCS #1 v1.5 utilisé dans SSL.

Celle-ci permet une attaque à texte chiffré choisi. Après avoir passivement intercepté les communications entre un client et un serveur, un attaquant peut envoyer des requêtes mal formées à ce serveur, chiffrées avec la clé publique de celui-ci, dans le but d'obtenir des informations en fonction des messages d'erreurs reçus. Au bout d'un certain nombre de requêtes, l'attaquant est en mesure, sans deviner la clé privée, de récupérer la clé de session dans ses captures préalables et ainsi pouvoir déchiffrer les communications. Suivant les implémentations, ce nombre de requêtes varie de plusieurs dizaines de milliers à quelques millions. Cette attaque permet également de faire signer des messages arbitraires par le serveur.

Le 12 décembre 2017, des chercheurs ont publié leurs travaux sur cette vulnérabilité par le biais d'un site internet (cf. section Documentation) et d'un papier blanc (cf. section Documentation). En scannant internet, ils ont découvert que de nombreuses implémentations de piles TLS sont encore vulnérables, soit parce qu'elles n'ont pas été mises à jour, soit parce qu'il n'a pas été tenu compte des contre-mesures existantes.

Ces chercheurs estiment qu'une attaque de l'intercepteur actif (Mitm) est peu pratique à mettre en oeuvre à cause du temps requis pour récupérer la clé de session. En effet, celui-ci est de l'ordre de plusieurs secondes ; cela est suffisant pour une attaque hors ligne, mais trop long pour se placer discrètement dans une communication. Ils recommandent de désactiver le chiffrement RSA au profit de l'utilisation de l'algorithme de Diffie-Hellman en courbes elliptiques.

Le 30 janvier 2018, Aruba Networks a publié un avis de sécurité pour indiquer que les versions d'InstantOS antérieures à 6.5.4.6 étaient vulnérables (cf. section Documentation). La version 6.5.4.6 n'est cependant pas encore disponible et ne possède pas de date de sortie officielle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Le CERT-FR recommande l'utilisation des outils fournis par les chercheurs sur leur site (cf. section Documentation) afin de déterminer si des équipements sont vulnérables. D'un point de vue opérationnel, la désactivation du chiffrement RSA peut s'avérer compliquée. Il est aussi possible de surveiller les communications réseaux pour détecter des pics d'envois de messages erronés.

En cas de présence d'équipement vulnérable, les communications ne peuvent plus être considérées comme confidentielles. De même, on ne peut plus faire confiance aux messages signés par un serveur vulnérable.

Les chercheurs ont annoncé qu'ils disposaient d'une preuve de concept. Pour l'instant, celle-ci n'est pas disponible publiquement, mais ils ont annoncé qu'ils comptaient la publier après avoir laissé du temps supplémentaire aux constructeurs pour corriger cette faille.

Le CERT-FR recommande l'installation des correctifs dès que ceux-ci sont disponibles.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Se référer à la liste des produits affectés sur le site du kd.cert.org (cf. section Documentation)

References

Title

Publication Time

Tags

robotattack.org	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-463	-	other
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	-	other
Liste étendue de produits affectés	-	other
Avis de sécurité Aruba ARUBA-PSA-2018-002 du 30 janvier 2018	-	other
Avis CERT-FR CERTFR-2017-AVI-462	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer \u00e0 la liste des produits affect\u00e9s sur le site du kd.cert.org (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-04-06",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nLe CERT-FR recommande l\u0027utilisation des outils fournis par les\nchercheurs sur leur site (cf. section Documentation) afin de d\u00e9terminer\nsi des \u00e9quipements sont vuln\u00e9rables. D\u0027un point de vue op\u00e9rationnel, la\nd\u00e9sactivation du chiffrement RSA peut s\u0027av\u00e9rer compliqu\u00e9e. Il est aussi\npossible de surveiller les communications r\u00e9seaux pour d\u00e9tecter des pics\nd\u0027envois de messages erron\u00e9s.\n\nEn cas de pr\u00e9sence d\u0027\u00e9quipement vuln\u00e9rable, les communications ne\npeuvent plus \u00eatre consid\u00e9r\u00e9es comme confidentielles. De m\u00eame, on ne peut\nplus faire confiance aux messages sign\u00e9s par un serveur vuln\u00e9rable.\n\nLes chercheurs ont annonc\u00e9 qu\u0027ils disposaient d\u0027une preuve de concept.\nPour l\u0027instant, celle-ci n\u0027est pas disponible publiquement, mais ils ont\nannonc\u00e9 qu\u0027ils comptaient la publier apr\u00e8s avoir laiss\u00e9 du temps\nsuppl\u00e9mentaire aux constructeurs pour corriger cette faille.\n\nLe CERT-FR recommande l\u0027installation des correctifs d\u00e8s que ceux-ci sont\ndisponibles.\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-463",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-463/"
    },
    {
      "title": "Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT)",
      "url": "https://eprint.iacr.org/2017/1189.pdf"
    },
    {
      "title": "Liste \u00e9tendue de produits affect\u00e9s",
      "url": "https://www.kb.cert.org/vuls/byvendor?searchview\u0026Query=FIELD+Reference=144389\u0026SearchOrder=4"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002 du 30 janvier 2018",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-462",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-462/"
    }
  ],
  "reference": "CERTFR-2017-ALE-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\\[Mise \u00e0 jour du 02/02/2018 : Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba\nARUBA-PSA-2018-002\\]\n\nEn 1998, le chercheur\u00a0Daniel Bleichenbacher a d\u00e9couvert une\nvuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations du chiffrement RSA PKCS \\#1 v1.5\nutilis\u00e9 dans SSL.\n\nCelle-ci permet une attaque \u00e0 texte chiffr\u00e9 choisi. Apr\u00e8s avoir\npassivement intercept\u00e9 les communications entre un client et un serveur,\nun attaquant peut envoyer des requ\u00eates mal form\u00e9es \u00e0 ce serveur,\nchiffr\u00e9es avec la cl\u00e9 publique de celui-ci, dans le but d\u0027obtenir des\ninformations en fonction des messages d\u0027erreurs re\u00e7us. Au bout d\u0027un\ncertain nombre de requ\u00eates, l\u0027attaquant est en mesure, sans deviner la\ncl\u00e9 priv\u00e9e, de r\u00e9cup\u00e9rer la cl\u00e9 de session dans ses captures pr\u00e9alables\net ainsi pouvoir d\u00e9chiffrer les communications. Suivant les\nimpl\u00e9mentations, ce nombre de requ\u00eates varie de plusieurs dizaines de\nmilliers \u00e0 quelques millions. Cette attaque permet \u00e9galement de faire\nsigner des messages arbitraires par le serveur.\n\nLe 12 d\u00e9cembre 2017, des chercheurs ont publi\u00e9 leurs travaux sur cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027un site internet (cf. section\nDocumentation) et d\u0027un papier blanc (cf. section Documentation). En\nscannant internet, ils ont d\u00e9couvert que de nombreuses impl\u00e9mentations\nde piles TLS sont encore vuln\u00e9rables, soit parce qu\u0027elles n\u0027ont pas \u00e9t\u00e9\nmises \u00e0 jour, soit parce qu\u0027il n\u0027a pas \u00e9t\u00e9 tenu compte des\ncontre-mesures existantes.\n\nCes chercheurs estiment qu\u0027une attaque de l\u0027intercepteur actif (Mitm)\nest peu pratique \u00e0 mettre en oeuvre \u00e0 cause du temps requis pour\nr\u00e9cup\u00e9rer la cl\u00e9 de session. En effet, celui-ci est de l\u0027ordre de\nplusieurs secondes ; cela est suffisant pour une attaque hors ligne,\nmais trop long pour se placer discr\u00e8tement dans une communication. Ils\nrecommandent de d\u00e9sactiver le chiffrement RSA au profit de l\u0027utilisation\nde l\u0027algorithme de Diffie-Hellman en courbes elliptiques.\n\nLe 30 janvier 2018, Aruba Networks a publi\u00e9 un avis de s\u00e9curit\u00e9 pour\nindiquer que les versions d\u0027InstantOS ant\u00e9rieures \u00e0 6.5.4.6 \u00e9taient\nvuln\u00e9rables (cf. section Documentation). La version 6.5.4.6 n\u0027est\ncependant pas encore disponible et ne poss\u00e8de pas de date de sortie\nofficielle.\n\n\u00a0\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations de TLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "robotattack.org",
      "url": "https://robotattack.org/"
    }
  ]
}

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 02/02/2018 : Ajout de l'avis de sécurité Aruba ARUBA-PSA-2018-002]

En 1998, le chercheur Daniel Bleichenbacher a découvert une vulnérabilité dans des implémentations du chiffrement RSA PKCS #1 v1.5 utilisé dans SSL.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Le CERT-FR recommande l'installation des correctifs dès que ceux-ci sont disponibles.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Se référer à la liste des produits affectés sur le site du kd.cert.org (cf. section Documentation)

References

Title

Publication Time

Tags

robotattack.org	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-463	-	other
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	-	other
Liste étendue de produits affectés	-	other
Avis de sécurité Aruba ARUBA-PSA-2018-002 du 30 janvier 2018	-	other
Avis CERT-FR CERTFR-2017-AVI-462	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer \u00e0 la liste des produits affect\u00e9s sur le site du kd.cert.org (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-04-06",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nLe CERT-FR recommande l\u0027utilisation des outils fournis par les\nchercheurs sur leur site (cf. section Documentation) afin de d\u00e9terminer\nsi des \u00e9quipements sont vuln\u00e9rables. D\u0027un point de vue op\u00e9rationnel, la\nd\u00e9sactivation du chiffrement RSA peut s\u0027av\u00e9rer compliqu\u00e9e. Il est aussi\npossible de surveiller les communications r\u00e9seaux pour d\u00e9tecter des pics\nd\u0027envois de messages erron\u00e9s.\n\nEn cas de pr\u00e9sence d\u0027\u00e9quipement vuln\u00e9rable, les communications ne\npeuvent plus \u00eatre consid\u00e9r\u00e9es comme confidentielles. De m\u00eame, on ne peut\nplus faire confiance aux messages sign\u00e9s par un serveur vuln\u00e9rable.\n\nLes chercheurs ont annonc\u00e9 qu\u0027ils disposaient d\u0027une preuve de concept.\nPour l\u0027instant, celle-ci n\u0027est pas disponible publiquement, mais ils ont\nannonc\u00e9 qu\u0027ils comptaient la publier apr\u00e8s avoir laiss\u00e9 du temps\nsuppl\u00e9mentaire aux constructeurs pour corriger cette faille.\n\nLe CERT-FR recommande l\u0027installation des correctifs d\u00e8s que ceux-ci sont\ndisponibles.\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-463",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-463/"
    },
    {
      "title": "Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT)",
      "url": "https://eprint.iacr.org/2017/1189.pdf"
    },
    {
      "title": "Liste \u00e9tendue de produits affect\u00e9s",
      "url": "https://www.kb.cert.org/vuls/byvendor?searchview\u0026Query=FIELD+Reference=144389\u0026SearchOrder=4"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002 du 30 janvier 2018",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-462",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-462/"
    }
  ],
  "reference": "CERTFR-2017-ALE-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\\[Mise \u00e0 jour du 02/02/2018 : Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba\nARUBA-PSA-2018-002\\]\n\nEn 1998, le chercheur\u00a0Daniel Bleichenbacher a d\u00e9couvert une\nvuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations du chiffrement RSA PKCS \\#1 v1.5\nutilis\u00e9 dans SSL.\n\nCelle-ci permet une attaque \u00e0 texte chiffr\u00e9 choisi. Apr\u00e8s avoir\npassivement intercept\u00e9 les communications entre un client et un serveur,\nun attaquant peut envoyer des requ\u00eates mal form\u00e9es \u00e0 ce serveur,\nchiffr\u00e9es avec la cl\u00e9 publique de celui-ci, dans le but d\u0027obtenir des\ninformations en fonction des messages d\u0027erreurs re\u00e7us. Au bout d\u0027un\ncertain nombre de requ\u00eates, l\u0027attaquant est en mesure, sans deviner la\ncl\u00e9 priv\u00e9e, de r\u00e9cup\u00e9rer la cl\u00e9 de session dans ses captures pr\u00e9alables\net ainsi pouvoir d\u00e9chiffrer les communications. Suivant les\nimpl\u00e9mentations, ce nombre de requ\u00eates varie de plusieurs dizaines de\nmilliers \u00e0 quelques millions. Cette attaque permet \u00e9galement de faire\nsigner des messages arbitraires par le serveur.\n\nLe 12 d\u00e9cembre 2017, des chercheurs ont publi\u00e9 leurs travaux sur cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027un site internet (cf. section\nDocumentation) et d\u0027un papier blanc (cf. section Documentation). En\nscannant internet, ils ont d\u00e9couvert que de nombreuses impl\u00e9mentations\nde piles TLS sont encore vuln\u00e9rables, soit parce qu\u0027elles n\u0027ont pas \u00e9t\u00e9\nmises \u00e0 jour, soit parce qu\u0027il n\u0027a pas \u00e9t\u00e9 tenu compte des\ncontre-mesures existantes.\n\nCes chercheurs estiment qu\u0027une attaque de l\u0027intercepteur actif (Mitm)\nest peu pratique \u00e0 mettre en oeuvre \u00e0 cause du temps requis pour\nr\u00e9cup\u00e9rer la cl\u00e9 de session. En effet, celui-ci est de l\u0027ordre de\nplusieurs secondes ; cela est suffisant pour une attaque hors ligne,\nmais trop long pour se placer discr\u00e8tement dans une communication. Ils\nrecommandent de d\u00e9sactiver le chiffrement RSA au profit de l\u0027utilisation\nde l\u0027algorithme de Diffie-Hellman en courbes elliptiques.\n\nLe 30 janvier 2018, Aruba Networks a publi\u00e9 un avis de s\u00e9curit\u00e9 pour\nindiquer que les versions d\u0027InstantOS ant\u00e9rieures \u00e0 6.5.4.6 \u00e9taient\nvuln\u00e9rables (cf. section Documentation). La version 6.5.4.6 n\u0027est\ncependant pas encore disponible et ne poss\u00e8de pas de date de sortie\nofficielle.\n\n\u00a0\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations de TLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "robotattack.org",
      "url": "https://robotattack.org/"
    }
  ]
}

CNVD-2017-37270

Vulnerability from cnvd - Published: 2017-12-18

Title

Cisco多个产品信息泄露漏洞

Description

Cisco ASA 系列安全设备可以保护各种规模的公司网络。它可让用户随时随地使用任何设备进行高度安全的数据访问。适用于Cisco Catalyst® 6500的思科应用控制引擎模块(ACE)系列产品提供了最高水平的应用基础设施控制能力、应用性能、应用安全性和基础设施简洁性。 Cisco下一代防火墙ASA和思科应用控制引擎ACE存在信息泄露漏洞，攻击者可利用漏洞执行中间人攻击并获取敏感信息。成功的攻击有助于实施进一步的攻击行为。

Severity

中

Patch Name

Cisco多个产品信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

Reference

http://www.securityfocus.com/bid/102170

Impacted products

Name
['Cisco ASA 5540 Series Adaptive Security Appliance', 'Cisco ASA 5520 Series Adaptive Security Appliance', 'Cisco ASA 5510 Series Adaptive Security Appliance', 'Cisco ASA 5505 Series Adaptive Security Appliance', 'Cisco ASA 5500-X Series Firewalls 9.1(7.16)', 'Cisco Adaptive Security Appliance (ASA) 5500-X Series', 'Cisco ACE30 Application Control Engine Module', 'Cisco ACE 4710 Application Control Engine', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.5)', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.0)', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(2.0)']

Name

['Cisco ASA 5540 Series Adaptive Security Appliance', 'Cisco ASA 5520 Series Adaptive Security Appliance', 'Cisco ASA 5510 Series Adaptive Security Appliance', 'Cisco ASA 5505 Series Adaptive Security Appliance', 'Cisco ASA 5500-X Series Firewalls 9.1(7.16)', 'Cisco Adaptive Security Appliance (ASA) 5500-X Series', 'Cisco ACE30 Application Control Engine Module', 'Cisco ACE 4710 Application Control Engine', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.5)', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.0)', 'Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(2.0)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102170"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17428"
    }
  },
  "description": "Cisco ASA \u7cfb\u5217\u5b89\u5168\u8bbe\u5907\u53ef\u4ee5\u4fdd\u62a4\u5404\u79cd\u89c4\u6a21\u7684\u516c\u53f8\u7f51\u7edc\u3002\u5b83\u53ef\u8ba9\u7528\u6237\u968f\u65f6\u968f\u5730\u4f7f\u7528\u4efb\u4f55\u8bbe\u5907\u8fdb\u884c\u9ad8\u5ea6\u5b89\u5168\u7684\u6570\u636e\u8bbf\u95ee\u3002\u9002\u7528\u4e8eCisco Catalyst\u00ae 6500\u7684\u601d\u79d1\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757(ACE)\u7cfb\u5217\u4ea7\u54c1\u63d0\u4f9b\u4e86\u6700\u9ad8\u6c34\u5e73\u7684\u5e94\u7528\u57fa\u7840\u8bbe\u65bd\u63a7\u5236\u80fd\u529b\u3001\u5e94\u7528\u6027\u80fd\u3001\u5e94\u7528\u5b89\u5168\u6027\u548c\u57fa\u7840\u8bbe\u65bd\u7b80\u6d01\u6027\u3002\r\n\r\nCisco\u4e0b\u4e00\u4ee3\u9632\u706b\u5899ASA\u548c\u601d\u79d1\u5e94\u7528\u63a7\u5236\u5f15\u64ceACE\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u6210\u529f\u7684\u653b\u51fb\u6709\u52a9\u4e8e\u5b9e\u65bd\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u884c\u4e3a\u3002",
  "discovererName": "Hanno B\u00c3\u00b6ck, Juraj Somorovsky of Ruhr-Universit\u00c3\u00a4t Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37270",
  "openTime": "2017-12-18",
  "patchDescription": "Cisco ASA \u7cfb\u5217\u5b89\u5168\u8bbe\u5907\u53ef\u4ee5\u4fdd\u62a4\u5404\u79cd\u89c4\u6a21\u7684\u516c\u53f8\u7f51\u7edc\u3002\u5b83\u53ef\u8ba9\u7528\u6237\u968f\u65f6\u968f\u5730\u4f7f\u7528\u4efb\u4f55\u8bbe\u5907\u8fdb\u884c\u9ad8\u5ea6\u5b89\u5168\u7684\u6570\u636e\u8bbf\u95ee\u3002\u9002\u7528\u4e8eCisco Catalyst\u00ae 6500\u7684\u601d\u79d1\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757(ACE)\u7cfb\u5217\u4ea7\u54c1\u63d0\u4f9b\u4e86\u6700\u9ad8\u6c34\u5e73\u7684\u5e94\u7528\u57fa\u7840\u8bbe\u65bd\u63a7\u5236\u80fd\u529b\u3001\u5e94\u7528\u6027\u80fd\u3001\u5e94\u7528\u5b89\u5168\u6027\u548c\u57fa\u7840\u8bbe\u65bd\u7b80\u6d01\u6027\u3002\r\n\r\nCisco\u4e0b\u4e00\u4ee3\u9632\u706b\u5899ASA\u548c\u601d\u79d1\u5e94\u7528\u63a7\u5236\u5f15\u64ceACE\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u6210\u529f\u7684\u653b\u51fb\u6709\u52a9\u4e8e\u5b9e\u65bd\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u884c\u4e3a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco\u591a\u4e2a\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco ASA 5540 Series Adaptive Security Appliance",
      "Cisco ASA 5520 Series Adaptive Security Appliance",
      "Cisco ASA 5510 Series Adaptive Security Appliance",
      "Cisco ASA 5505 Series Adaptive Security Appliance",
      "Cisco ASA 5500-X Series Firewalls 9.1(7.16)",
      "Cisco Adaptive Security Appliance (ASA) 5500-X Series",
      "Cisco ACE30 Application Control Engine Module",
      "Cisco ACE 4710 Application Control Engine",
      "Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.5)",
      "Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(3.0)",
      "Cisco ACE 4700 Series Application Control Engine Appliances 3.0(0)A5(2.0)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/102170",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-18",
  "title": "Cisco\u591a\u4e2a\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2022-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les commutateurs Aruba AOS-CX. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions 10.06.x antérieures à 10.06.0180
HPE Aruba Networking	AOS	AOS-CX versions 10.09.x antérieures à 10.09.0010
HPE Aruba Networking	AOS	AOS-CX versions 10.07.x antérieures à 10.07.0061
HPE Aruba Networking	AOS	AOS-CX versions 10.08.x antérieures à 10.08.1040

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba AOS-CX ARUBA-PSA-2022-004 du 23 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions 10.06.x ant\u00e9rieures \u00e0 10.06.0180",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.09.x ant\u00e9rieures \u00e0 10.09.0010",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.07.x ant\u00e9rieures \u00e0 10.07.0061",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.08.x ant\u00e9rieures \u00e0 10.08.1040",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2021-41000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41000"
    },
    {
      "name": "CVE-2017-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12373"
    },
    {
      "name": "CVE-2021-41003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41003"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2021-41001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41001"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2021-41002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les commutateurs\nAruba AOS-CX. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les commutateurs Aruba AOS-CX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba AOS-CX ARUBA-PSA-2022-004 du 23 f\u00e9vrier 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
    }
  ]
}

CERTFR-2022-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions 10.06.x antérieures à 10.06.0180
HPE Aruba Networking	AOS	AOS-CX versions 10.09.x antérieures à 10.09.0010
HPE Aruba Networking	AOS	AOS-CX versions 10.07.x antérieures à 10.07.0061
HPE Aruba Networking	AOS	AOS-CX versions 10.08.x antérieures à 10.08.1040

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba AOS-CX ARUBA-PSA-2022-004 du 23 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions 10.06.x ant\u00e9rieures \u00e0 10.06.0180",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.09.x ant\u00e9rieures \u00e0 10.09.0010",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.07.x ant\u00e9rieures \u00e0 10.07.0061",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.08.x ant\u00e9rieures \u00e0 10.08.1040",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2021-41000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41000"
    },
    {
      "name": "CVE-2017-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12373"
    },
    {
      "name": "CVE-2021-41003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41003"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2021-41001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41001"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2021-41002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les commutateurs\nAruba AOS-CX. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les commutateurs Aruba AOS-CX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba AOS-CX ARUBA-PSA-2022-004 du 23 f\u00e9vrier 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
    }
  ]
}

VAR-201803-0191

Vulnerability from variot - Updated: 2023-12-18 11:01

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\302\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. These issues are being tracked by Cisco Bug ID's CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0191",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ace series application control engine appliances 3.0 a5",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "4700"
      },
      {
        "model": "ace4710 application control engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(3.0\\)"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(3.0\\)"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(2.0\\)"
      },
      {
        "model": "ace4710 application control engine",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(3.5\\)"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(3.5\\)"
      },
      {
        "model": "adaptive security appliance 5520",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1\\(7.16\\)"
      },
      {
        "model": "adaptive security appliance 5540",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1\\(7.16\\)"
      },
      {
        "model": "ace30 application control engine module",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5505",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1\\(7.16\\)"
      },
      {
        "model": "ace4710 application control engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0\\(0\\)a5\\(2.0\\)"
      },
      {
        "model": "webex meetings",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "t31"
      },
      {
        "model": "adaptive security appliance 5510",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1\\(7.16\\)"
      },
      {
        "model": "nitrox ssl sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cavium",
        "version": "6.1.0"
      },
      {
        "model": "webex meetings",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "t32"
      },
      {
        "model": "turbossl sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cavium",
        "version": "1.0"
      },
      {
        "model": "adaptive security appliance 5550",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1\\(7.16\\)"
      },
      {
        "model": "nitrox v ssl sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cavium",
        "version": "1.2"
      },
      {
        "model": "octeon sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cavium",
        "version": "1.7.2"
      },
      {
        "model": "webex conect im",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.24.1"
      },
      {
        "model": "octeon ssl sdk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cavium",
        "version": "1.5.0"
      },
      {
        "model": "asa series firewalls",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "5500-x9.1(7.16)"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "erlang",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "legion of the bouncy castle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "matrixssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "micro focus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wolfssl",
        "version": null
      },
      {
        "model": "nitrox ssl sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "cavium",
        "version": null
      },
      {
        "model": "nitrox v ssl sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "cavium",
        "version": null
      },
      {
        "model": "octeon sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "cavium",
        "version": null
      },
      {
        "model": "octeon ssl sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "cavium",
        "version": null
      },
      {
        "model": "turbossl sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "cavium",
        "version": null
      },
      {
        "model": "ace 4710 application control engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5505",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5510",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5520",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5540",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance 5550",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex connect im",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5540"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5520"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5510"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5505"
      },
      {
        "model": "adaptive security appliance series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5500-x"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4710"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55400"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55200"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55100"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55050"
      },
      {
        "model": "adaptive security appliance series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5500-x0"
      },
      {
        "model": "ace30 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47100"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "BID",
        "id": "102170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "and Craig Young of Tripwire VERT.,Hanno B??ck, Juraj Somorovsky of Ruhr-Universit?\u00a4t Bochum/Hackmanit GmbH",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-17428",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.1,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-17428",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-37270",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-108449",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17428",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17428",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37270",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-577",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108449",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\\302\\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. \nThese issues are being tracked by Cisco Bug ID\u0027s CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "BID",
        "id": "102170"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102170",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1039984",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92438713",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "db": "BID",
        "id": "102170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "id": "VAR-201803-0191",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      }
    ],
    "trust": 1.2275894433333332
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:01:45.129000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20171212-bleichenbacher",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
      },
      {
        "title": "CVE-2017-17428",
        "trust": 0.8,
        "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
      },
      {
        "title": "Patch for Cisco Multiple Product Information Disclosure Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/110837"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
      },
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/144389"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/102170"
      },
      {
        "trust": 1.7,
        "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039984"
      },
      {
        "trust": 0.8,
        "url": "https://robotattack.org"
      },
      {
        "trust": 0.8,
        "url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.8,
        "url": "https://support.citrix.com/article/ctx230238"
      },
      {
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k21905460"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
      },
      {
        "trust": 0.8,
        "url": "https://support.microfocus.com/kb/doc.php?id=7022561"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/wolfssl/wolfssl/pull/1229"
      },
      {
        "trust": 0.8,
        "url": "https://community.rsa.com/docs/doc-85268"
      },
      {
        "trust": 0.8,
        "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17428"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92438713"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17428"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "db": "BID",
        "id": "102170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "db": "BID",
        "id": "102170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2017-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102170"
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "date": "2018-03-05T18:29:00.237000",
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "date": "2017-12-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2017-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37270"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108449"
      },
      {
        "date": "2017-12-19T21:01:00",
        "db": "BID",
        "id": "102170"
      },
      {
        "date": "2018-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012893"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-17428"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-577"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-17428

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17428

Aliases

CVE-2017-17428

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17428",
    "description": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
    "id": "GSD-2017-17428"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17428"
      ],
      "details": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
      "id": "GSD-2017-17428",
      "modified": "2023-12-13T01:21:05.148471Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-17428",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102170",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102170"
          },
          {
            "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
            "refsource": "CONFIRM",
            "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
          },
          {
            "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
          },
          {
            "name": "1039984",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039984"
          },
          {
            "name": "VU#144389",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/144389"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17428"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/144389"
            },
            {
              "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
            },
            {
              "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
            },
            {
              "name": "1039984",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039984"
            },
            {
              "name": "102170",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102170"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-03-05T18:29Z"
    }
  }
}

GHSA-GW93-27CV-RC7M

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-05T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
  "id": "GHSA-gw93-27cv-rc7m",
  "modified": "2022-05-13T01:44:24Z",
  "published": "2022-05-13T01:44:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17428"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
    },
    {
      "type": "WEB",
      "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102170"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-17428

Vulnerability from fkie_nvd - Published: 2018-03-05 18:29 - Updated: 2024-11-21 03:17

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/102170	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1039984	Third Party Advisory, VDB Entry
cve@mitre.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher	Third Party Advisory
cve@mitre.org	https://www.cavium.com/security-advisory-cve-2017-17428.html	Vendor Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102170	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039984	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cavium.com/security-advisory-cve-2017-17428.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
cavium	nitrox_ssl_sdk	*
cavium	nitrox_v_ssl_sdk	*
cavium	octeon_sdk	*
cavium	octeon_ssl_sdk	*
cavium	turbossl_sdk	*
cisco	webex_conect_im	7.24.1
cisco	webex_meetings	t31
cisco	webex_meetings	t32
cisco	ace4710_application_control_engine_firmware	3.0\(0\)a5\(2.0\)
cisco	ace4710_application_control_engine_firmware	3.0\(0\)a5\(3.0\)
cisco	ace4710_application_control_engine_firmware	3.0\(0\)a5\(3.5\)
cisco	ace_4710_application_control_engine	-
cisco	ace30_application_control_engine_module_firmware	3.0\(0\)a5\(2.0\)
cisco	ace30_application_control_engine_module_firmware	3.0\(0\)a5\(3.0\)
cisco	ace30_application_control_engine_module_firmware	3.0\(0\)a5\(3.5\)
cisco	ace30_application_control_engine_module	-
cisco	adaptive_security_appliance_5520_firmware	9.1\(7.16\)
cisco	adaptive_security_appliance_5520	-
cisco	adaptive_security_appliance_5540_firmware	9.1\(7.16\)
cisco	adaptive_security_appliance_5540	-
cisco	adaptive_security_appliance_5550_firmware	9.1\(7.16\)
cisco	adaptive_security_appliance_5550	-
cisco	adaptive_security_appliance_5510_firmware	9.1\(7.16\)
cisco	adaptive_security_appliance_5510	-
cisco	adaptive_security_appliance_5505_firmware	9.1\(7.16\)
cisco	adaptive_security_appliance_5505	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DF06BB-1F8B-4A8B-BA66-028AFF9FA36E",
              "versionEndIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "274D753A-E022-4E41-9114-0B26A472BB63",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7529F21A-0F87-421A-9D96-9B21A11F77D3",
              "versionEndIncluding": "1.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACC7912-4FF4-49FE-B5D8-6CEAEFC25DA4",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B94D6A-7AC9-48B6-9A7C-7C8D23F3AFCB",
              "versionEndIncluding": "1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0143CB5D-07F4-4BC3-85C4-5A1A5F10D255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CD55EC-37E6-4E00-97CA-CBCA430AA711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D55BE2-8399-4B10-9430-BEB0036800C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24BD18A8-AEAD-459A-9E16-3790BE6543D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DD10B359-AB2A-41A6-96D2-C904F705DE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D7F0F7C-295C-4565-B818-FF9FBAB36249",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E8DDD6-4B63-4430-AF9C-2A9ABCC79E24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "60340950-50AD-47C2-B9CB-2D930D180EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4C206B-1375-41BE-8811-E334E7879A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF73E89-9C67-4A37-B9BC-EC9E17C0E0CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD4CC24-D2B1-4DEB-85AE-393CDCDD24F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D4AA2A28-18CB-4C73-B52A-4DE306B55896",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35954D5D-F767-485F-94AB-0CD8B58F6352",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "337DC063-042E-43AF-810E-8598CCEB2FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CCBF299-D6F5-4D00-8616-9EDE7EAFAC28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "07348020-F675-40B9-9477-914ADCB85991",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24537C8-4F9C-4979-BB1A-466ADA6C3FF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "21A7DCB5-936E-4039-B798-2B6EF5A148BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF7123A-5538-48AF-BD7A-A0D7962CB10E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "71174C79-2DC1-4CE7-923D-2EF2D4362CAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC84224-8B1A-4D92-9FBD-813F6C857A77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
    },
    {
      "lang": "es",
      "value": "Los SDK (software development kit) de Cavium Nitrox SSL, Nitrox V SSL y TurboSSL permiten que atacantes remotos descifren datos TLS cifrados aprovechando un or\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\u00e9n se conoce como ataque ROBOT."
    }
  ],
  "id": "CVE-2017-17428",
  "lastModified": "2024-11-21T03:17:55.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-05T18:29:00.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102170"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039984"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17428 (GCVE-0-2017-17428)

Solution

Contournement provisoire

Solution

Contournement provisoire

Solution

Solution

Tags

Sightings

Nomenclature