CVE-2017-17428
published 2018-03-05

Priority: P338 medium · 5.9 (CVSS 3.0)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 15.01% (96.3th percentile)

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Affected

19 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cavium | nitrox_ssl_sdk | <= 6.1.0 | |
| cavium | nitrox_v_ssl_sdk | <= 1.2 | |
| cavium | octeon_sdk | <= 1.7.2 | |
| cavium | octeon_ssl_sdk | <= 1.5.0 | |
| cavium | turbossl_sdk | <= 1.0 | |
| cisco | ace30_application_control_engine_module_firmware | | |
| cisco | ace30_application_control_engine_module_firmware | | |
| cisco | ace30_application_control_engine_module_firmware | | |
| cisco | ace4710_application_control_engine_firmware | | |
| cisco | ace4710_application_control_engine_firmware | | |
| cisco | ace4710_application_control_engine_firmware | | |
| cisco | adaptive_security_appliance_5505_firmware | | |
| cisco | adaptive_security_appliance_5510_firmware | | |
| cisco | adaptive_security_appliance_5520_firmware | | |
| cisco | adaptive_security_appliance_5540_firmware | | |
| cisco | adaptive_security_appliance_5550_firmware | | |
| cisco | webex_conect_im | | |
| cisco | webex_meetings | | |
| cisco | webex_meetings | | |

Detection & IOCs (extracted from sources)

  • Detect exploitation attempts by monitoring for a high volume of TLS connections to a server, potentially ranging from hundreds of thousands to millions of connections, which is characteristic of a Bleichenbacher oracle attack.
  • Alert on iterative RSA key exchange queries to a TLS server, which indicate an attacker performing cryptanalytic operations consistent with a Bleichenbacher (ROBOT) attack.
  • Exploitation requires the attacker to both capture traffic between clients and the affected TLS server AND actively establish a large number of TLS connections. Both conditions must be met for a successful attack.
  • Multiple Cisco products are affected (tracked under Bug IDs CSCvg74693, CSCvg97652, CSCvh00296). Affected products use Cavium Nitrox SSL, Nitrox V SSL, or TurboSSL SDKs. Verify SDK usage in your TLS stack.
  • Workarounds may be available for selected Cisco products; consult the Cisco advisory. Software updates have been released for some but not all affected products.

CVSS provenance

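| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:C/I:N/A:N |
| vendor_cisco | | 5.3 | MEDIUM | |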