CVSS3: 7.4 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |

CVSS2: 7.1 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |

EPSS: 0.042 Low (Percentile: 92.1%)
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a “ROBOT attack”.
CWE-203: Information Exposure Through Discrepancy
Transport Layer Security (TLS) is a mechanism for secure transport over network connections, and is defined in RFC 5246. TLS may use RSA cryptography to secure the connection, and section 7.4.7 describes how client and server may exchange keys. Implementations that do not closely follow RFC 5246 may leak information to an attacker when they handle PKCS #1 v1.5 padding errors in ways that let the attacker distinguish between valid and invalid messages. An attacker may use discrepancies in TLS error messages to obtain the pre-master secret exchanged under the server's RSA key, and thereby decrypt sensitive data. This type of attack has become known as a Bleichenbacher attack. CERT/CC previously published CERT Advisory CA-1998-07 for this type of attack.
Some modern cryptographic implementations are vulnerable to Bleichenbacher-style attacks on TLS. While RFC 5246 Section 7.4.7.1 provides advice in order to eliminate discrepancies and defend against Bleichenbacher attacks, implementation-specific error and exception handling may nevertheless re-introduce message discrepancies that act as a cryptographic oracle for a Bleichenbacher-style attack.
More information about the research and affected vendors is available from the researcher’s website.
A remote, unauthenticated attacker may be able to obtain the TLS pre-master secret (TLS session key) and decrypt TLS traffic.
Disable TLS RSA
Affected users and system administrators are encouraged to disable TLS RSA ciphers if possible. Please refer to your product’s documentation or contact the vendor’s customer service.
Apply an update
Some products may have software updates available to address this issue. If an update is available, affected users are encouraged to update product software or firmware. Please see the Affected Vendors list below for more information.
Note for developers
RFC 5246 contains remediation advice for Bleichenbacher-style attacks. Developers are encouraged to review the advice and ensure that implementations of TLS, or software that uses a TLS library, do not introduce further message or timing discrepancies that could be used in a Bleichenbacher-style attack.
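The discrepancy the advisory describes lives in the code that decodes the RSA-decrypted pre-master secret block, so the following added example (not code from the advisory or from any listed vendor) shows that step in isolation, operating directly on the already-decrypted k-byte block so no RSA key is needed. `leaky_unpad` is the careless shape: each failure raises a different exception, and the set of distinct reactions is exactly the oracle a Bleichenbacher-style attack needs. `hardened_unpad` follows the structure of RFC 5246 section 7.4.7.1: a random 48-byte fallback is chosen before any check, every check is folded into one flag without early exits, and the result is selected by masking rather than branching, so a malformed block is indistinguishable from a valid one. `sample_blocks` and `observable_outcomes` are constructed test vectors and a self-check a developer can run over their own decoder; all names here are the example's own.

```python
import hmac
import os

PMS_LEN = 48           # pre-master secret length, fixed by RFC 5246
TLS12 = b"\x03\x03"    # constructed client_version value (TLS 1.2) for the examples


class BadPaddingError(Exception):
    """Raised by the leaky variant when the PKCS#1 v1.5 framing is wrong."""


class BadVersionError(Exception):
    """Raised by the leaky variant when the embedded version is wrong."""


def pkcs1_v15_pad(msg: bytes, k: int, rng=os.urandom) -> bytes:
    """EME-PKCS1-v1_5 encoding: 00 || 02 || PS (nonzero, >= 8 bytes) || 00 || msg."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for a %d-byte modulus" % k)
    ps = b""
    while len(ps) < ps_len:
        # draw random bytes and drop any zeros; the padding string must not contain 0x00
        ps += bytes(b for b in rng(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + msg


def leaky_unpad(block: bytes, client_version: bytes) -> bytes:
    """Vulnerable decoder: every failure mode is a different, observable event."""
    if block[:2] != b"\x00\x02":
        raise BadPaddingError("wrong block type")
    sep = block.find(b"\x00", 2)
    if sep < 10:
        raise BadPaddingError("missing separator or padding too short")
    pms = block[sep + 1:]
    if len(pms) != PMS_LEN:
        raise BadPaddingError("wrong message length")
    if pms[:2] != client_version:
        raise BadVersionError("version mismatch")
    return pms


def hardened_unpad(block: bytes, client_version: bytes, rng=os.urandom) -> bytes:
    """RFC 5246 7.4.7.1 shape: always yields 48 bytes and never signals which check failed.

    Python integer and bytes operations are not constant-time, so this demonstrates the
    structure (fallback chosen up front, no data-dependent branch or early exit, masked
    select) rather than a timing-safe implementation.
    """
    fallback = rng(PMS_LEN)           # generated before any check, as the RFC recommends
    sep = len(block) - PMS_LEN - 1    # the only position a valid block can hold its 00 separator
    ok = (block[0] == 0) & (block[1] == 2) & (block[sep] == 0)
    for i in range(2, sep):           # every padding byte must be nonzero; scan them all
        ok &= block[i] != 0
    pms = block[sep + 1:]
    ok &= hmac.compare_digest(pms[:2], client_version)
    mask = -int(ok) & 0xFF            # 0xFF keeps pms, 0x00 selects the random fallback
    return bytes((p & mask) | (f & ~mask & 0xFF) for p, f in zip(pms, fallback))


def sample_blocks(k: int = 128, rng=os.urandom) -> dict:
    """Constructed test vectors: one well-formed block and three malformed variants."""
    pms = TLS12 + bytes(range(1, PMS_LEN - 1))       # constructed, zero-free pre-master secret
    good = pkcs1_v15_pad(pms, k, rng)
    bad_type = bytearray(good)
    bad_type[1] = 0x01                                # block type 01 instead of 02
    no_sep = bytearray(good)
    no_sep[k - PMS_LEN - 1] = 0x01                    # 00 separator overwritten
    bad_ver = bytearray(good)
    bad_ver[k - PMS_LEN:k - PMS_LEN + 2] = b"\x03\x01"  # wrong embedded client_version
    return {"good": good, "bad_type": bytes(bad_type),
            "no_sep": bytes(no_sep), "bad_version": bytes(bad_ver)}


def outcome(unpad, block: bytes, client_version: bytes) -> str:
    """Label what a peer could observe: the exception (alert) type, or a normal continue."""
    try:
        unpad(block, client_version)
    except (BadPaddingError, BadVersionError) as exc:
        return type(exc).__name__
    return "continue"


def observable_outcomes(unpad, blocks: dict, client_version: bytes) -> set:
    """Distinct observable behaviours over the vectors; more than one means an oracle exists."""
    return {outcome(unpad, b, client_version) for b in blocks.values()}


if __name__ == "__main__":
    vectors = sample_blocks()
    print("leaky:   ", sorted(observable_outcomes(leaky_unpad, vectors, TLS12)))
    print("hardened:", sorted(observable_outcomes(hardened_unpad, vectors, TLS12)))
```

Run against the four vectors, the leaky decoder produces three distinguishable reactions while the hardened one produces a single one; a real server then fails the handshake on the Finished message in every malformed case, which is the RFC's intent. The same self-check idea applies to any TLS stack: feed it well-formed and deliberately malformed blocks and confirm that nothing about its response, including timing, depends on which check failed.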
The Vendor Information section below lists implementations and vendors that have been identified as vulnerable TLS implementations. Separate CVE IDs for each vendor have been assigned due to the implementation-specific nature of the vulnerability.
VU#144389
Notified: November 15, 2017 Updated: December 14, 2017
Affected
We have not received a statement from the vendor.
Cisco ACE is affected, and assigned CVE-2017-17428
Cisco ASA is affected and assigned CVE-2017-12373
Please see Cisco’s security advisory for the full vendor statement.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Affected
We have not received a statement from the vendor.
Citrix NetScaler ADC and Gateway - CVE-2017-17382
Updated: December 12, 2017
Affected
We have not received a statement from the vendor.
This vulnerability was assigned CVE-2017-1000385.
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 17, 2017
Affected
F5 Networks made a public announcement of this issue today as CVE-2017-6168 – please see <https://support.f5.com/csp/article/K21905460>
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Affected
BouncyCastle TLS servers, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, contained a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. This specifically includes servers using the BCJSSE provider in its default configuration.
Affected software:
- bctls-fips-1.0.2.jar and earlier versions
- bctls-jdk15on-1.58.jar and earlier versions
Note that the older TLS implementation (in the org.bouncycastle.crypto.tls package) is not vulnerable.
For FIPS users, the issue is fixed in bctls-fips-1.0.3.jar. We recommend all FIPS users upgrade as soon as possible.
For the regular API, version 1.59 containing the fix is expected to be available before the end of 2017. In the meantime, beta versions beginning with 1.59b09 contain the fix, and are available from <https://downloads.bouncycastle.org/betas/>. We recommend users upgrade immediately to bctls-jdk15on-159b09.jar and then upgrade to the full 1.59 release as soon as it is available. If continuing to deploy vulnerable versions, we strongly recommend disabling TLS cipher suites that use RSA key exchange.
CVE-2017-13098 was assigned to BouncyCastle.
Notified: November 15, 2017 Updated: December 12, 2017
Affected
We have not received a statement from the vendor.
MatrixSSL was previously known to be affected in versions prior to 3.8.3, and was assigned CVE-2016-6883.
Notified: November 15, 2017 Updated: March 22, 2018
Statement Date: March 22, 2018
Affected
Certain versions of Micro Focus Host Access Management and Security Server, Reflection for the Web, Reflection ZFE and Verastream Software Development Kit for Unisys and Airlines are affected by CVE-2017-13098. Updates which address the issue are available for these products. More information is available at <https://support.microfocus.com/kb/doc.php?id=7022561>.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 12, 2017 Updated: December 12, 2017
Affected
We have not received a statement from the vendor.
Assigned CVE-2017-13099
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 16, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: December 14, 2017
Statement Date: December 14, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: November 29, 2017
Statement Date: November 28, 2017
Not Affected
We have not received a statement from the vendor.
EMC does not develop TLS stacks and so is unaffected.
Updated: December 22, 2017
Statement Date: December 22, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 13, 2017
Statement Date: December 13, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 06, 2017
Statement Date: December 06, 2017
Not Affected
iSaSiLk TLS is not affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Not Affected
We have not received a statement from the vendor.
Microsoft is not affected in default configurations.
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 17, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 13, 2017
Statement Date: November 28, 2017
Not Affected
RSA BSAFE TLS stacks are not vulnerable to the reported vulnerability.
Please see the statement below. The URL requires RSA Link Support credentials.
Updated: March 22, 2018
Statement Date: March 22, 2018
Not Affected
We have not received a statement from the vendor.
The following products are NOT impacted; please see the vendor's security advisory for more information.
- VMware ESXi
- Site Recovery Manager
- vCloud Director for Service Providers
- vRealize Automation
- vRealize Business for Cloud
- vRealize Orchestrator
- vRealize Operations
Notified: November 15, 2017 Updated: December 08, 2017
Statement Date: December 07, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: December 18, 2017
Statement Date: December 15, 2017
Unknown
We have not received a statement from the vendor.
According to the reporter, Java/JSSE was previously known to be vulnerable in 2012 and assigned CVE-2012-5081. We do not currently have any verification that CVE-2012-5081 was a Bleichenbacher-style vulnerability, but the vulnerability was resolved in 2012 in any case. Please ensure you are using a release of any affected product issued since 2012.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 7.1 | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Temporal | 5.6 | E:POC/RL:OF/RC:C |
Environmental | 4.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Hanno Boeck, Juraj Somorovsky of Ruhr-Universität Bochum / Hackmanit GmbH, and Craig Young of Tripwire VERT for reporting this vulnerability.
This document was written by Garret Wassermann.
Field | Value |
---|---|
CVE IDs | CVE-2017-6168, CVE-2017-1000385, CVE-2017-17427, CVE-2017-13098, CVE-2017-13099, CVE-2017-17428, CVE-2017-17382, CVE-2012-5081, CVE-2016-6883 |
Date Public | 2017-12-12 |
Date First Published | |