Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by cavium

    VAR-201607-0468

    Vulnerability from variot - Updated: 2023-12-18 12:57

    The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. GNU Libgcrypt is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information or impersonate trusted servers. Successful exploits will lead to other attacks. Cavium Development Kits (CDK) is a set of development kits from Cavium Corporation in the United States. Cavium Software Development Kit (SDK) is one of the software development kits. There are security vulnerabilities in the RSA-CRT implementation process in Cavium SDK version 2.x

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0468",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "traffix signaling delivery controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "4.0.0"
          },
          {
            "model": "traffix signaling delivery controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "4.4.0"
          },
          {
            "model": "traffix signaling delivery controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "3.3.2"
          },
          {
            "model": "traffix signaling delivery controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "3.5.1"
          },
          {
            "model": "software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "marvell",
            "version": "2.0"
          },
          {
            "model": "software development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cavium",
            "version": "2.x"
          },
          {
            "model": "octeon ii cn6860",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "octeon ii cn6870",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "octeon ii cn6880",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "fortios",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fortinet",
            "version": "5.0.13"
          },
          {
            "model": "fortios",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fortinet",
            "version": "5.2.6"
          },
          {
            "model": "fortios",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "fortinet",
            "version": "5.4.0"
          },
          {
            "model": "software development kit",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cavium",
            "version": "2.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:marvell:software_development_kit:2.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:marvell:octeon_ii_cn6000:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:marvell:octeon_ii_cn6010:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:marvell:octeon_ii_cn6020:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.4.0",
                    "versionStartIncluding": "4.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5.1",
                    "versionStartIncluding": "3.3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "76704"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-5738",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-5738",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-83699",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-5738",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-5738",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-5738",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-430",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-83699",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-5738",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. GNU Libgcrypt is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information or impersonate trusted servers. Successful exploits will lead to other attacks. Cavium Development Kits (CDK) is a set of development kits from Cavium Corporation in the United States. Cavium Software Development Kit (SDK) is one of the software development kits. There are security vulnerabilities in the RSA-CRT implementation process in Cavium SDK version 2.x",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "BID",
            "id": "76704"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-5738",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "76704",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-83699",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "db": "BID",
            "id": "76704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "id": "VAR-201607-0468",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:57:37.054000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "OCTEON II CN68XX",
            "trust": 0.8,
            "url": "http://www.cavium.com/table.html#octeonii"
          },
          {
            "title": "RSA-CRT key leak under certain conditions",
            "trust": 0.8,
            "url": "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions"
          },
          {
            "title": "Factoring RSA Keys With TLS Perfect Forward Secrecy",
            "trust": 0.8,
            "url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf"
          },
          {
            "title": "SOL91245485",
            "trust": 0.8,
            "url": "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html"
          },
          {
            "title": "CVE-Study",
            "trust": 0.1,
            "url": "https://github.com/thdusdl1219/cve-study "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions"
          },
          {
            "trust": 1.8,
            "url": "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html"
          },
          {
            "trust": 1.8,
            "url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5738"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5738"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/76704"
          },
          {
            "trust": 0.3,
            "url": "https://www.gnu.org/software/libgcrypt/"
          },
          {
            "trust": 0.3,
            "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2015/q3/522"
          },
          {
            "trust": 0.3,
            "url": "http://arstechnica.com/security/2015/09/serious-bug-causes-quite-a-few-https-sites-to-reveal-their-private-keys/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/thdusdl1219/cve-study"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "db": "BID",
            "id": "76704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "db": "BID",
            "id": "76704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "date": "2016-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "date": "2015-09-08T00:00:00",
            "db": "BID",
            "id": "76704"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "date": "2016-07-26T17:59:00.137000",
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "date": "2015-09-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83699"
          },
          {
            "date": "2023-08-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5738"
          },
          {
            "date": "2016-07-06T14:42:00",
            "db": "BID",
            "id": "76704"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          },
          {
            "date": "2023-08-16T14:17:11.363000",
            "db": "NVD",
            "id": "CVE-2015-5738"
          },
          {
            "date": "2016-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cavium Software Development Kit of  RSA-CRT In the implementation of  RSA Vulnerability to obtain a private key",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007219"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-430"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0191

    Vulnerability from variot - Updated: 2023-12-18 11:01

    Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\302\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. These issues are being tracked by Cisco Bug ID's CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0191",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ace series application control engine appliances 3.0 a5",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "cisco",
            "version": "4700"
          },
          {
            "model": "ace4710 application control engine",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(3.0\\)"
          },
          {
            "model": "ace30 application control engine module",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(3.0\\)"
          },
          {
            "model": "ace30 application control engine module",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(2.0\\)"
          },
          {
            "model": "ace4710 application control engine",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(3.5\\)"
          },
          {
            "model": "ace30 application control engine module",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(3.5\\)"
          },
          {
            "model": "adaptive security appliance 5520",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "9.1\\(7.16\\)"
          },
          {
            "model": "adaptive security appliance 5540",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "9.1\\(7.16\\)"
          },
          {
            "model": "ace30 application control engine module",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5505",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "9.1\\(7.16\\)"
          },
          {
            "model": "ace4710 application control engine",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "3.0\\(0\\)a5\\(2.0\\)"
          },
          {
            "model": "webex meetings",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "t31"
          },
          {
            "model": "adaptive security appliance 5510",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "9.1\\(7.16\\)"
          },
          {
            "model": "nitrox ssl sdk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cavium",
            "version": "6.1.0"
          },
          {
            "model": "webex meetings",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "t32"
          },
          {
            "model": "turbossl sdk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cavium",
            "version": "1.0"
          },
          {
            "model": "adaptive security appliance 5550",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "9.1\\(7.16\\)"
          },
          {
            "model": "nitrox v ssl sdk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cavium",
            "version": "1.2"
          },
          {
            "model": "octeon sdk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cavium",
            "version": "1.7.2"
          },
          {
            "model": "webex conect im",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "7.24.1"
          },
          {
            "model": "octeon ssl sdk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cavium",
            "version": "1.5.0"
          },
          {
            "model": "asa series firewalls",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "cisco",
            "version": "5500-x9.1(7.16)"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "citrix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "erlang",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "legion of the bouncy castle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "matrixssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "micro focus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wolfssl",
            "version": null
          },
          {
            "model": "nitrox ssl sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "nitrox v ssl sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "octeon sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "octeon ssl sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "turbossl sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "cavium",
            "version": null
          },
          {
            "model": "ace 4710 application control engine",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5505",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5510",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5520",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5540",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "adaptive security appliance 5550",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "webex connect im",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "webex meetings",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "5540"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "5520"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "5510"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "5505"
          },
          {
            "model": "adaptive security appliance series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "5500-x"
          },
          {
            "model": "ace application control engine",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "4710"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "55400"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "55200"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "55100"
          },
          {
            "model": "asa series adaptive security appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "55050"
          },
          {
            "model": "adaptive security appliance series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5500-x0"
          },
          {
            "model": "ace30 application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ace application control engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "47100"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "BID",
            "id": "102170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cavium:octeon_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cavium:nitrox_v_ssl_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cavium:nitrox_ssl_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cavium:octeon_ssl_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cavium:turbossl_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webex_conect_im:7.24.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings:t32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace4710_application_control_engine_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:ace_4710_application_control_engine:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.0\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(3.5\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:ace30_application_control_engine_module_firmware:3.0\\(0\\)a5\\(2.0\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:ace30_application_control_engine_module:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5520_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5520:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5540_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5540:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5550_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5510_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5510:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_5505_firmware:9.1\\(7.16\\):*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5505:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "and Craig Young of Tripwire VERT.,Hanno B??ck, Juraj Somorovsky of Ruhr-Universit?\u00a4t Bochum/Hackmanit GmbH",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-17428",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.1,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-17428",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-37270",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-108449",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-17428",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-17428",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-37270",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-577",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108449",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\\302\\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. \nThese issues are being tracked by Cisco Bug ID\u0027s CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "BID",
            "id": "102170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#144389",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "102170",
            "trust": 2.6
          },
          {
            "db": "SECTRACK",
            "id": "1039984",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU92438713",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "db": "BID",
            "id": "102170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "id": "VAR-201803-0191",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          }
        ],
        "trust": 1.2275894433333332
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:01:45.129000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20171212-bleichenbacher",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
          },
          {
            "title": "CVE-2017-17428",
            "trust": 0.8,
            "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
          },
          {
            "title": "Patch for Cisco Multiple Product Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/110837"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
          },
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/144389"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/102170"
          },
          {
            "trust": 1.7,
            "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039984"
          },
          {
            "trust": 0.8,
            "url": "https://robotattack.org"
          },
          {
            "trust": 0.8,
            "url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/203.html"
          },
          {
            "trust": 0.8,
            "url": "https://support.citrix.com/article/ctx230238"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k21905460"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
          },
          {
            "trust": 0.8,
            "url": "https://support.microfocus.com/kb/doc.php?id=7022561"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/wolfssl/wolfssl/pull/1229"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-85268"
          },
          {
            "trust": 0.8,
            "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17428"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu92438713"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17428"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "db": "BID",
            "id": "102170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "db": "BID",
            "id": "102170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "date": "2018-03-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "date": "2017-12-12T00:00:00",
            "db": "BID",
            "id": "102170"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "date": "2018-03-05T18:29:00.237000",
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#144389"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37270"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108449"
          },
          {
            "date": "2017-12-19T21:01:00",
            "db": "BID",
            "id": "102170"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012893"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-17428"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#144389"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-577"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-17428 (GCVE-0-2017-17428)

    Vulnerability from cvelistv5 – Published: 2018-03-05 18:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102170 vdb-entryx_refsource_BID
    https://www.cavium.com/security-advisory-cve-2017… x_refsource_CONFIRM
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id/1039984 vdb-entryx_refsource_SECTRACK
    https://www.kb.cert.org/vuls/id/144389 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
              },
              {
                "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
              },
              {
                "name": "1039984",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039984"
              },
              {
                "name": "VU#144389",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/144389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-05T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "102170",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
            },
            {
              "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
            },
            {
              "name": "1039984",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039984"
            },
            {
              "name": "VU#144389",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/144389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102170",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102170"
                },
                {
                  "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
                },
                {
                  "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
                },
                {
                  "name": "1039984",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039984"
                },
                {
                  "name": "VU#144389",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/144389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17428",
        "datePublished": "2018-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17428 (GCVE-0-2017-17428)

    Vulnerability from nvd – Published: 2018-03-05 18:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102170 vdb-entryx_refsource_BID
    https://www.cavium.com/security-advisory-cve-2017… x_refsource_CONFIRM
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id/1039984 vdb-entryx_refsource_SECTRACK
    https://www.kb.cert.org/vuls/id/144389 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
              },
              {
                "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
              },
              {
                "name": "1039984",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039984"
              },
              {
                "name": "VU#144389",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/144389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-05T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "102170",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
            },
            {
              "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
            },
            {
              "name": "1039984",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039984"
            },
            {
              "name": "VU#144389",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/144389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-17428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102170",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102170"
                },
                {
                  "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
                },
                {
                  "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
                },
                {
                  "name": "1039984",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039984"
                },
                {
                  "name": "VU#144389",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/144389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-17428",
        "datePublished": "2018-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }