CVE-2017-12373
published 2017-12-15CVE-2017-12373: A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an…
PriorityP342medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
12.80%
95.8th percentile
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect iterative TLS RSA key exchange connections from a single source — exploitation requires hundreds of thousands to millions of TLS connections to the target server ↗
- →Scope detection to legacy Cisco ASA 5500 Series devices (ASA 5505, 5510, 5520, 5540, 5550) acting as TLS servers using RSA key exchange — these are the affected endpoints for CVE-2017-12373 (Bug ID CSCvg97652) ↗
- →Alert on unauthenticated remote sources repeatedly initiating TLS handshakes with RSA key exchange to the same server — this is the prerequisite attacker action for a ROBOT (Return of Bleichenbacher's Oracle Threat) attack ↗
- ·Exploitation requires a two-phase attack: passive traffic capture AND active iterative TLS connection establishment. Detection of either phase alone is insufficient to confirm exploitation. ↗
- ·CVE-2017-12373 is specifically scoped to legacy ASA 5500 Series hardware (5505, 5510, 5520, 5540, 5550); other Cisco products are tracked under separate Bug IDs (CSCvg74693, CSCvh00296) and may have different fix availability. ↗
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
vendor_cisco·2017-12-12·CVSS 5.3
CVE-2017-12373 [MEDIUM] CWE-200 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research.
An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.
To exploit these vulnerabilities, an attacker must be able to perform both of the following actions:
Capture traffic between clients and the affected TLS server.
Actively establish a considerab
Cisco
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
vendor_cisco·CVSS 3.0
CVE-2017-12373 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
CVE-2017-12373: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. To exploit these vulnerabilities, an attacker must be able to perform both of the following actions: Capture traffic between clients and the affected TLS server. Actively establish
GHSA
GHSA-3q2f-qcg5-6425: A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unaut
ghsa_unreviewed·2022-05-13
CVE-2017-12373 [MEDIUM] CWE-200 GHSA-3q2f-qcg5-6425: A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unaut
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-12-15
Published