Lucene search

K
cve[email protected]CVE-2017-12373
HistoryDec 15, 2017 - 8:29 p.m.

CVE-2017-12373

2017-12-1520:29:00
CWE-200
CWE-203
web.nvd.nist.gov
70
vulnerability
tls protocol
cisco asa 5500 series
remote attacker
robot attack
cryptanalytic operations
nvd
cve-2017-12373

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher’s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Affected configurations

NVD
Node
ciscoadaptive_security_appliance_5505_firmwareMatch-
AND
ciscoadaptive_security_appliance_5505Match-
Node
ciscoadaptive_security_appliance_5510_firmwareMatch-
AND
ciscoadaptive_security_appliance_5510Match-
Node
ciscoadaptive_security_appliance_5520_firmwareMatch-
AND
ciscoadaptive_security_appliance_5520Match-
Node
ciscoadaptive_security_appliance_5540_firmwareMatch-
AND
ciscoadaptive_security_appliance_5540Match-
Node
ciscoadaptive_security_appliance_5550_firmwareMatch-
AND
ciscoadaptive_security_appliance_5550Match-

CNA Affected

[
  {
    "product": "Cisco legacy ASA 5500 products TLS protocol implementation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco legacy ASA 5500 products TLS protocol implementation"
      }
    ]
  }
]

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%