Lucene search

[email protected]CVE-2017-17428

HistoryMar 05, 2018 - 6:29 p.m.

CVE-2017-17428

2018-03-0518:29:00

CWE-327

[email protected]

web.nvd.nist.gov

cavium nitrox

nitrox v

turbossl

sdks

cve-2017-17428

robot attack

bleichenbacher rsa padding oracle

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Affected configurations

NVD

Node

caviumnitrox_ssl_sdkRange≤6.1.0

caviumnitrox_v_ssl_sdkRange≤1.2

caviumocteon_sdkRange≤1.7.2

caviumocteon_ssl_sdkRange≤1.5.0

caviumturbossl_sdkRange≤1.0

Node

ciscowebex_conect_imMatch7.24.1

ciscowebex_meetingsMatcht31

ciscowebex_meetingsMatcht32

Node

ciscoace4710_application_control_engine_firmwareMatch3.0\(0\)a5\(2.0\)

ciscoace4710_application_control_engine_firmwareMatch3.0\(0\)a5\(3.0\)

ciscoace4710_application_control_engine_firmwareMatch3.0\(0\)a5\(3.5\)

AND

ciscoace_4710_application_control_engineMatch-

Node

ciscoace30_application_control_engine_module_firmwareMatch3.0\(0\)a5\(2.0\)

ciscoace30_application_control_engine_module_firmwareMatch3.0\(0\)a5\(3.0\)

ciscoace30_application_control_engine_module_firmwareMatch3.0\(0\)a5\(3.5\)

AND

ciscoace30_application_control_engine_moduleMatch-

Node

ciscoadaptive_security_appliance_5520_firmwareMatch9.1\(7.16\)

AND

ciscoadaptive_security_appliance_5520Match-

Node

ciscoadaptive_security_appliance_5540_firmwareMatch9.1\(7.16\)

AND

ciscoadaptive_security_appliance_5540Match-

Node

ciscoadaptive_security_appliance_5550_firmwareMatch9.1\(7.16\)

AND

ciscoadaptive_security_appliance_5550Match-

Node

ciscoadaptive_security_appliance_5510_firmwareMatch9.1\(7.16\)

AND

ciscoadaptive_security_appliance_5510Match-

Node

ciscoadaptive_security_appliance_5505_firmwareMatch9.1\(7.16\)

AND

ciscoadaptive_security_appliance_5505Match-

CPENameOperatorVersion
cavium:nitrox_ssl_sdkcavium nitrox ssl sdkle6.1.0
cavium:nitrox_v_ssl_sdkcavium nitrox v ssl sdkle1.2
cavium:octeon_sdkcavium octeon sdkle1.7.2
cavium:octeon_ssl_sdkcavium octeon ssl sdkle1.5.0
cavium:turbossl_sdkcavium turbossl sdkle1.0

CPE	Name	Operator	Version
cavium:nitrox_ssl_sdk	cavium nitrox ssl sdk	le	6.1.0
cavium:nitrox_v_ssl_sdk	cavium nitrox v ssl sdk	le	1.2
cavium:octeon_sdk	cavium octeon sdk	le	1.7.2
cavium:octeon_ssl_sdk	cavium octeon ssl sdk	le	1.5.0
cavium:turbossl_sdk	cavium turbossl sdk	le	1.0