ID CVE-2017-12373
Summary A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 09-10-2019 - 23:23)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 102170
confirm https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
Last major update 09-10-2019 - 23:23
Published 15-12-2017 - 20:29
Last modified 09-10-2019 - 23:23
Back to Top