CVE-2017-17428 — Use of a Broken or Risky Cryptographic Algorithm in Nitrox SSL SDK

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

77.0%

top 1.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cavium Nitrox SSL SDK Cavium Nitrox V SSL SDK Cavium Octeon SDK +11 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages14 packages

▶NVDcavium/nitrox_ssl_sdk6.1.0

▶NVDcavium/nitrox_v_ssl_sdk1.2

▶NVDcavium/turbossl_sdk1.0

▶NVDcavium/octeon_sdk1.7.2

▶NVDcavium/octeon_ssl_sdk1.5.0

🔴Vulnerability Details

GHSA

GHSA-gw93-27cv-rc7m: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a B↗2022-05-13

▶

CVEList

CVE-2017-17428: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a B↗2018-03-05

▶

📋Vendor Advisories

Cisco

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017↗2017-12-12

▶