3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%
The Raccoon attack exploits a flaw in the TLS specification which can lead
to an attacker being able to compute the pre-master secret in connections
which have used a Diffie-Hellman (DH) based ciphersuite. In such a case
this would result in the attacker being able to eavesdrop on all encrypted
communications sent over that TLS connection. The attack can only be
exploited if an implementation re-uses a DH secret across multiple TLS
connections. Note that this issue only impacts DH ciphersuites and not ECDH
ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and
no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this
issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%