Lucene search

[email protected]CVE-2017-12373

HistoryDec 15, 2017 - 8:29 p.m.

CVE-2017-12373

2017-12-1520:29:00

CWE-200

CWE-203

[email protected]

web.nvd.nist.gov

vulnerability

tls protocol

cisco asa 5500 series

remote attacker

robot attack

cryptanalytic operations

nvd

cve-2017-12373

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher’s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_5505_firmwareMatch-

AND

ciscoadaptive_security_appliance_5505Match-

Node

ciscoadaptive_security_appliance_5510_firmwareMatch-

AND

ciscoadaptive_security_appliance_5510Match-

Node

ciscoadaptive_security_appliance_5520_firmwareMatch-

AND

ciscoadaptive_security_appliance_5520Match-

Node

ciscoadaptive_security_appliance_5540_firmwareMatch-

AND

ciscoadaptive_security_appliance_5540Match-

Node

ciscoadaptive_security_appliance_5550_firmwareMatch-

AND

ciscoadaptive_security_appliance_5550Match-

CPENameOperatorVersion
cisco:adaptive_security_appliance_5505_firmwarecisco adaptive security appliance 5505 firmwareeq-

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_5505_firmware	cisco adaptive security appliance 5505 firmware	eq	-

CNA Affected

[
  {
    "product": "Cisco legacy ASA 5500 products TLS protocol implementation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco legacy ASA 5500 products TLS protocol implementation"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102170

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for CVE-2017-12373

nvd1 prion1 cvelist1 cisco1 nessus1 cert1 checkpoint_advisories1