CVE-2017-17428
published 2018-03-05CVE-2017-17428: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a…
PriorityP338medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
15.01%
96.3th percentile
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cavium | nitrox_ssl_sdk | <= 6.1.0 | — |
| cavium | nitrox_v_ssl_sdk | <= 1.2 | — |
| cavium | octeon_sdk | <= 1.7.2 | — |
| cavium | octeon_ssl_sdk | <= 1.5.0 | — |
| cavium | turbossl_sdk | <= 1.0 | — |
| cisco | ace30_application_control_engine_module_firmware | — | — |
| cisco | ace30_application_control_engine_module_firmware | — | — |
| cisco | ace30_application_control_engine_module_firmware | — | — |
| cisco | ace4710_application_control_engine_firmware | — | — |
| cisco | ace4710_application_control_engine_firmware | — | — |
| cisco | ace4710_application_control_engine_firmware | — | — |
| cisco | adaptive_security_appliance_5505_firmware | — | — |
| cisco | adaptive_security_appliance_5510_firmware | — | — |
| cisco | adaptive_security_appliance_5520_firmware | — | — |
| cisco | adaptive_security_appliance_5540_firmware | — | — |
| cisco | adaptive_security_appliance_5550_firmware | — | — |
| cisco | webex_conect_im | — | — |
| cisco | webex_meetings | — | — |
| cisco | webex_meetings | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring for a high volume of TLS connections to a server, potentially ranging from hundreds of thousands to millions of connections, which is characteristic of a Bleichenbacher oracle attack. ↗
- →Alert on iterative RSA key exchange queries to a TLS server, which indicate an attacker performing cryptanalytic operations consistent with a Bleichenbacher (ROBOT) attack. ↗
- ·Exploitation requires the attacker to both capture traffic between clients and the affected TLS server AND actively establish a large number of TLS connections. Both conditions must be met for a successful attack. ↗
- ·Multiple Cisco products are affected (tracked under Bug IDs CSCvg74693, CSCvg97652, CSCvh00296). Affected products use Cavium Nitrox SSL, Nitrox V SSL, or TurboSSL SDKs. Verify SDK usage in your TLS stack. ↗
- ·Workarounds may be available for selected Cisco products; consult the Cisco advisory. Software updates have been released for some but not all affected products. ↗
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:C/I:N/A:N
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gw93-27cv-rc7m: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a B
ghsa_unreviewed·2022-05-13
CVE-2017-17428 [HIGH] CWE-327 GHSA-gw93-27cv-rc7m: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a B
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Cisco
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
vendor_cisco·2017-12-12·CVSS 5.3
CVE-2017-12373 [MEDIUM] CWE-200 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research.
An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.
To exploit these vulnerabilities, an attacker must be able to perform both of the following actions:
Capture traffic between clients and the affected TLS server.
Actively establish a considerab
Cisco
Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
vendor_cisco·CVSS 3.0
CVE-2017-17428 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
CVE-2017-17428: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. To exploit these vulnerabilities, an attacker must be able to perform both of the following actions: Capture traffic between clients and the affected TLS server. Actively establish
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102170http://www.securitytracker.com/id/1039984https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacherhttps://www.cavium.com/security-advisory-cve-2017-17428.htmlhttps://www.kb.cert.org/vuls/id/144389http://www.securityfocus.com/bid/102170http://www.securitytracker.com/id/1039984https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacherhttps://www.cavium.com/security-advisory-cve-2017-17428.htmlhttps://www.kb.cert.org/vuls/id/144389
2018-03-05
Published