var-201803-0191
Vulnerability from variot
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\302\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. These issues are being tracked by Cisco Bug ID's CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ace series application control engine appliances 3.0 a5",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "4700"
},
{
"model": "ace4710 application control engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(3.0\\)"
},
{
"model": "ace30 application control engine module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(3.0\\)"
},
{
"model": "ace30 application control engine module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(2.0\\)"
},
{
"model": "ace4710 application control engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(3.5\\)"
},
{
"model": "ace30 application control engine module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(3.5\\)"
},
{
"model": "adaptive security appliance 5520",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1\\(7.16\\)"
},
{
"model": "adaptive security appliance 5540",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1\\(7.16\\)"
},
{
"model": "ace30 application control engine module",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5505",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(7.16\\)"
},
{
"model": "ace4710 application control engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0\\(0\\)a5\\(2.0\\)"
},
{
"model": "webex meetings",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "t31"
},
{
"model": "adaptive security appliance 5510",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(7.16\\)"
},
{
"model": "nitrox ssl sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "cavium",
"version": "6.1.0"
},
{
"model": "webex meetings",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "t32"
},
{
"model": "turbossl sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "cavium",
"version": "1.0"
},
{
"model": "adaptive security appliance 5550",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(7.16\\)"
},
{
"model": "nitrox v ssl sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "cavium",
"version": "1.2"
},
{
"model": "octeon sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "cavium",
"version": "1.7.2"
},
{
"model": "webex conect im",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.24.1"
},
{
"model": "octeon ssl sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "cavium",
"version": "1.5.0"
},
{
"model": "asa series firewalls",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "5500-x9.1(7.16)"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "erlang",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "legion of the bouncy castle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "matrixssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "micro focus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wolfssl",
"version": null
},
{
"model": "nitrox ssl sdk",
"scope": null,
"trust": 0.8,
"vendor": "cavium",
"version": null
},
{
"model": "nitrox v ssl sdk",
"scope": null,
"trust": 0.8,
"vendor": "cavium",
"version": null
},
{
"model": "octeon sdk",
"scope": null,
"trust": 0.8,
"vendor": "cavium",
"version": null
},
{
"model": "octeon ssl sdk",
"scope": null,
"trust": 0.8,
"vendor": "cavium",
"version": null
},
{
"model": "turbossl sdk",
"scope": null,
"trust": 0.8,
"vendor": "cavium",
"version": null
},
{
"model": "ace 4710 application control engine",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5505",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5510",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5520",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5540",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance 5550",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "webex connect im",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5540"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5520"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5510"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5505"
},
{
"model": "adaptive security appliance series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5500-x"
},
{
"model": "ace application control engine",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4710"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55400"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55200"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55100"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55050"
},
{
"model": "adaptive security appliance series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x0"
},
{
"model": "ace30 application control engine module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ace application control engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47100"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "BID",
"id": "102170"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17428"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and Craig Young of Tripwire VERT.,Hanno B??ck, Juraj Somorovsky of Ruhr-Universit?\u00a4t Bochum/Hackmanit GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
],
"trust": 0.6
},
"cve": "CVE-2017-17428",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-17428",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37270",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-108449",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17428",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17428",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37270",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108449",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "VULHUB",
"id": "VHN-108449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\\302\\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. \nThese issues are being tracked by Cisco Bug ID\u0027s CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "BID",
"id": "102170"
},
{
"db": "VULHUB",
"id": "VHN-108449"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#144389",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-17428",
"trust": 3.4
},
{
"db": "BID",
"id": "102170",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1039984",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92438713",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37270",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108449",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "VULHUB",
"id": "VHN-108449"
},
{
"db": "BID",
"id": "102170"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"id": "VAR-201803-0191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "VULHUB",
"id": "VHN-108449"
}
],
"trust": 1.2275894433333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37270"
}
]
},
"last_update_date": "2023-12-18T11:01:45.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171212-bleichenbacher",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
},
{
"title": "CVE-2017-17428",
"trust": 0.8,
"url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
},
{
"title": "Patch for Cisco Multiple Product Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/110837"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
},
{
"trust": 2.8,
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102170"
},
{
"trust": 1.7,
"url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039984"
},
{
"trust": 0.8,
"url": "https://robotattack.org"
},
{
"trust": 0.8,
"url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
},
{
"trust": 0.8,
"url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
},
{
"trust": 0.8,
"url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.8,
"url": "https://support.citrix.com/article/ctx230238"
},
{
"trust": 0.8,
"url": "https://support.f5.com/csp/article/k21905460"
},
{
"trust": 0.8,
"url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
},
{
"trust": 0.8,
"url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
},
{
"trust": 0.8,
"url": "https://support.microfocus.com/kb/doc.php?id=7022561"
},
{
"trust": 0.8,
"url": "https://github.com/wolfssl/wolfssl/pull/1229"
},
{
"trust": 0.8,
"url": "https://community.rsa.com/docs/doc-85268"
},
{
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17428"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92438713"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17428"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "VULHUB",
"id": "VHN-108449"
},
{
"db": "BID",
"id": "102170"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#144389"
},
{
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"db": "VULHUB",
"id": "VHN-108449"
},
{
"db": "BID",
"id": "102170"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-12T00:00:00",
"db": "CERT/CC",
"id": "VU#144389"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"date": "2018-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-108449"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102170"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"date": "2018-03-05T18:29:00.237000",
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-09T00:00:00",
"db": "CERT/CC",
"id": "VU#144389"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37270"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108449"
},
{
"date": "2017-12-19T21:01:00",
"db": "BID",
"id": "102170"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012893"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-17428"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
"sources": [
{
"db": "CERT/CC",
"id": "VU#144389"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-577"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.