Symantec Network Protection products using affected SSL/TLS server implementations and RSA key exchange are susceptible to a variation of the Bleichenbacher adaptive chosen ciphertext attack. A remote attacker, who has captured a pre-recorded encrypted SSL session to the target, can establish a large number of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.
CVE |Affected Version(s)|Remediation
All CVEs | 3.3 | Upgrade to a version of NetDialog NetX with fixes.
CVE |Affected Version(s)|Remediation
All CVEs | 4.0 and later | Not vulnerable
3.12 | Upgrade to 3.12.2.1.
3.11 | Upgrade to later release with fixes.
3.10 | Upgrade to 3.10.4.1.
3.8.4FC | Upgrade to later release with fixes.
SSLV is only vulnerable when intercepting SSL/TLS traffic that uses RSA key exchange.
In the original Bleichenbacher attack, a remote attacker, who has recorded or obtained a pre-recorded encrypted SSL session, can exploit the padding oracle flaw in an SSL/TLS server by establishing a large number of crafted SSL connections. With each connection, the server leaks a small amount of information about the original secret in the pre-recorded session. After approximately one million crafted connections to the server, the Bleichenbacher attacker can recover the original secret, compute the session keys and decrypt the encrypted data exchanged during the pre-recorded session.
The ROBOT attack is a new variation of the Bleichenbacker attack that uses modified attack vectors to discover padding oracles in SSL server implementations. The ROBOT attack classifies padding oracles as follows:
Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID 104163 / NVD: CVE-2017-15533 Impact| Information disclosure Description | Weak padding oracle flaw in SSLV 3.x when intercepting SSL/TLS traffic.
Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID 104164 / NVD: CVE-2017-18268 Impact| Information disclosure Description | Strong padding oracle flaw in the IntelligenceCenter 3.3 management web UI
The ROBOT attack is only possible on SSL sessions established using RSA key exchange. Disabling RSA key exchange cipher suites on SSL/TLS servers behind SSLV and enabling only cipher suites using DHE and ECDHE key exchange prevents this attack.
The ROBOT Attack - <https://robotattack.org/>
CERT Vulnerability Note VU#144389 - <https://www.kb.cert.org/vuls/id/144389>
2019-08-23 Advisory Status moved to Closed.
2019-08-20 A fix for IntelligenceCenter (IC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes.
2018-05-16 initial public release
CPE | Name | Operator | Version |
---|---|---|---|
intelligencecenter (ic) | eq | 3 | |
ssl visibility (sslv) | eq | 4 | |
ssl visibility (sslv) | eq | 3 | |
ssl visibility (sslv) | eq | 3 | |
ssl visibility (sslv) | eq | 3 | |
ssl visibility (sslv) | eq | 3 |