CVE-2020-1968

CWE-203CWE-385CWE-200Information ExposureCWE-32616 documents9 sources
Severity
3.7LOW
EPSS
1.3%
top 20.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Fujitsu M10-1 FirmwareFujitsu M10-4 FirmwareFujitsu M10-4s Firmware+12 more
Timeline
PublishedSep 9
Latest updateSep 18

Description

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites a

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages17 packages

Debianopenssl< 1.1.0c-1+3
Ubuntuopenssl< 1.0.2g-1ubuntu4.17+1
Ubuntuopenssl1.0< 1.0.2n-1ubuntu5.4
NVDopenssl/openssl1.0.21.0.2v
CVEListV5openssl/opensslFixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
OSV
openssl vulnerabilities2024-09-18
GHSA
GHSA-mh8f-5gw2-5wgh: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections w2022-05-24
OSV
openssl, openssl1.0 vulnerabilities2020-09-16
OSV
CVE-2020-1968: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections w2020-09-09
CVEList
Raccoon attack2020-09-09

📋Vendor Advisories

7
Ubuntu
OpenSSL vulnerabilities2024-09-18
Oracle
Oracle Oracle Systems Risk Matrix: Firmware (OpenSSL) — CVE-2020-19682022-04-15
Oracle
Oracle Oracle Systems Risk Matrix: Firmware (OpenSSL) — CVE-2020-19682021-10-15
Oracle
Oracle Oracle PeopleSoft Risk Matrix: Security (OpenSSL) — CVE-2020-19682021-01-15
Ubuntu
OpenSSL vulnerabilities2020-09-16

💬Community

3
Bugzilla
CVE-2020-1968 openssl11: openssl: Information exposure when DH secret are reused across multiple TLS connections [epel-7]2020-09-09
Bugzilla
CVE-2020-1968 openssl: Information exposure when DH secret are reused across multiple TLS connections2020-09-09
Bugzilla
CVE-2020-1968 openssl: Information exposure when DH secret are reused across multiple TLS connections [fedora-all]2020-09-09
CVE-2020-1968 (LOW CVSS 3.7) | The Raccoon attack exploits a flaw | cvebase.io