CVE-2015-5738

CWE-200 — Information Exposure5 documents5 sources

Severity

7.5HIGH

EPSS

0.8%

top 25.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Traffix Signaling Delivery Controller Marvell Software Development KIT

Timeline

PublishedJul 26

Latest updateMay 13

Description

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmarvell/software_development_kit2.0

▶NVDf5/traffix_signaling_delivery_controller3.3.2 — 3.5.1+1

🔴Vulnerability Details

GHSA

GHSA-rf7q-m4h8-9j2r: The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2↗2022-05-13

▶

CVEList

CVE-2015-5738: The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2↗2016-07-26

▶

📋Vendor Advisories

Microsoft

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS) makes it easier for remote↗2016-07-12

▶

Debian

CVE-2015-5738: openssl - The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, whe...↗2015

▶