cvelistv5 - CVE-2017-17427

CVE-2017-17427 (GCVE-0-2017-17427)

Vulnerability from cvelistv5

Published

2017-12-13 16:00

Modified

2024-08-05 20:51

Severity ?

CWE

Summary

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.

References

URL

Tags

cve@mitre.org	http://www.securityfocus.com/bid/102199	Third Party Advisory, VDB Entry
cve@mitre.org	https://robotattack.org/	Technical Description
cve@mitre.org	https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability	Mitigation, Vendor Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102199	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://robotattack.org/	Technical Description
af854a3a-2127-422b-91ae-364da2661108	https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://robotattack.org/"
          },
          {
            "name": "102199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102199"
          },
          {
            "name": "VU#144389",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/144389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-16T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://robotattack.org/"
        },
        {
          "name": "102199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102199"
        },
        {
          "name": "VU#144389",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/144389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://robotattack.org/",
              "refsource": "MISC",
              "url": "https://robotattack.org/"
            },
            {
              "name": "102199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102199"
            },
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/144389"
            },
            {
              "name": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17427",
    "datePublished": "2017-12-13T16:00:00",
    "dateReserved": "2017-12-05T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17427\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-12-13T16:29:00.317\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\\\"Bleichenbacher attack\\\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Radware Alteon con versiones de firmware entre 31.0.0.0-31.0.3.0 son vulnerables a un ataque de texto cifrado elegido adaptativo, tambi\u00e9n conocido como \\\"ataque Bleichenbacher\\\". Esto permite que un atacante descifre tr\u00e1fico observado que ha sido cifrado con el m\u00e9todo RSA y realice otras operaciones con la clave privada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:radware:alteon_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"31.0.0.0\",\"versionEndIncluding\":\"31.0.3.0\",\"matchCriteriaId\":\"08ABFCE7-E014-4D08-A1AF-D4D2D608C951\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:radware:alteon:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8BE92A-842C-4723-9D1C-81F602CA3C5D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102199\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://robotattack.org/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/102199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://robotattack.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte

[Mise à jour du 02/02/2018 : Ajout de l'avis de sécurité Aruba ARUBA-PSA-2018-002]

En 1998, le chercheur Daniel Bleichenbacher a découvert une vulnérabilité dans des implémentations du chiffrement RSA PKCS #1 v1.5 utilisé dans SSL.

Celle-ci permet une attaque à texte chiffré choisi. Après avoir passivement intercepté les communications entre un client et un serveur, un attaquant peut envoyer des requêtes mal formées à ce serveur, chiffrées avec la clé publique de celui-ci, dans le but d'obtenir des informations en fonction des messages d'erreurs reçus. Au bout d'un certain nombre de requêtes, l'attaquant est en mesure, sans deviner la clé privée, de récupérer la clé de session dans ses captures préalables et ainsi pouvoir déchiffrer les communications. Suivant les implémentations, ce nombre de requêtes varie de plusieurs dizaines de milliers à quelques millions. Cette attaque permet également de faire signer des messages arbitraires par le serveur.

Le 12 décembre 2017, des chercheurs ont publié leurs travaux sur cette vulnérabilité par le biais d'un site internet (cf. section Documentation) et d'un papier blanc (cf. section Documentation). En scannant internet, ils ont découvert que de nombreuses implémentations de piles TLS sont encore vulnérables, soit parce qu'elles n'ont pas été mises à jour, soit parce qu'il n'a pas été tenu compte des contre-mesures existantes.

Ces chercheurs estiment qu'une attaque de l'intercepteur actif (Mitm) est peu pratique à mettre en oeuvre à cause du temps requis pour récupérer la clé de session. En effet, celui-ci est de l'ordre de plusieurs secondes ; cela est suffisant pour une attaque hors ligne, mais trop long pour se placer discrètement dans une communication. Ils recommandent de désactiver le chiffrement RSA au profit de l'utilisation de l'algorithme de Diffie-Hellman en courbes elliptiques.

Le 30 janvier 2018, Aruba Networks a publié un avis de sécurité pour indiquer que les versions d'InstantOS antérieures à 6.5.4.6 étaient vulnérables (cf. section Documentation). La version 6.5.4.6 n'est cependant pas encore disponible et ne possède pas de date de sortie officielle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Le CERT-FR recommande l'utilisation des outils fournis par les chercheurs sur leur site (cf. section Documentation) afin de déterminer si des équipements sont vulnérables. D'un point de vue opérationnel, la désactivation du chiffrement RSA peut s'avérer compliquée. Il est aussi possible de surveiller les communications réseaux pour détecter des pics d'envois de messages erronés.

En cas de présence d'équipement vulnérable, les communications ne peuvent plus être considérées comme confidentielles. De même, on ne peut plus faire confiance aux messages signés par un serveur vulnérable.

Les chercheurs ont annoncé qu'ils disposaient d'une preuve de concept. Pour l'instant, celle-ci n'est pas disponible publiquement, mais ils ont annoncé qu'ils comptaient la publier après avoir laissé du temps supplémentaire aux constructeurs pour corriger cette faille.

Le CERT-FR recommande l'installation des correctifs dès que ceux-ci sont disponibles.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Se référer à la liste des produits affectés sur le site du kd.cert.org (cf. section Documentation)

References

Title

Publication Time

Tags

robotattack.org	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-463	-	other
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	-	other
Liste étendue de produits affectés	-	other
Avis de sécurité Aruba ARUBA-PSA-2018-002 du 30 janvier 2018	-	other
Avis CERT-FR CERTFR-2017-AVI-462	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer \u00e0 la liste des produits affect\u00e9s sur le site du kd.cert.org (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-04-06",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nLe CERT-FR recommande l\u0027utilisation des outils fournis par les\nchercheurs sur leur site (cf. section Documentation) afin de d\u00e9terminer\nsi des \u00e9quipements sont vuln\u00e9rables. D\u0027un point de vue op\u00e9rationnel, la\nd\u00e9sactivation du chiffrement RSA peut s\u0027av\u00e9rer compliqu\u00e9e. Il est aussi\npossible de surveiller les communications r\u00e9seaux pour d\u00e9tecter des pics\nd\u0027envois de messages erron\u00e9s.\n\nEn cas de pr\u00e9sence d\u0027\u00e9quipement vuln\u00e9rable, les communications ne\npeuvent plus \u00eatre consid\u00e9r\u00e9es comme confidentielles. De m\u00eame, on ne peut\nplus faire confiance aux messages sign\u00e9s par un serveur vuln\u00e9rable.\n\nLes chercheurs ont annonc\u00e9 qu\u0027ils disposaient d\u0027une preuve de concept.\nPour l\u0027instant, celle-ci n\u0027est pas disponible publiquement, mais ils ont\nannonc\u00e9 qu\u0027ils comptaient la publier apr\u00e8s avoir laiss\u00e9 du temps\nsuppl\u00e9mentaire aux constructeurs pour corriger cette faille.\n\nLe CERT-FR recommande l\u0027installation des correctifs d\u00e8s que ceux-ci sont\ndisponibles.\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    }
  ],
  "initial_release_date": "2017-12-13T00:00:00",
  "last_revision_date": "2018-04-06T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-463",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-463/"
    },
    {
      "title": "Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT)",
      "url": "https://eprint.iacr.org/2017/1189.pdf"
    },
    {
      "title": "Liste \u00e9tendue de produits affect\u00e9s",
      "url": "https://www.kb.cert.org/vuls/byvendor?searchview\u0026Query=FIELD+Reference=144389\u0026SearchOrder=4"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002 du 30 janvier 2018",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-462",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-462/"
    }
  ],
  "reference": "CERTFR-2017-ALE-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\\[Mise \u00e0 jour du 02/02/2018 : Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba\nARUBA-PSA-2018-002\\]\n\nEn 1998, le chercheur\u00a0Daniel Bleichenbacher a d\u00e9couvert une\nvuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations du chiffrement RSA PKCS \\#1 v1.5\nutilis\u00e9 dans SSL.\n\nCelle-ci permet une attaque \u00e0 texte chiffr\u00e9 choisi. Apr\u00e8s avoir\npassivement intercept\u00e9 les communications entre un client et un serveur,\nun attaquant peut envoyer des requ\u00eates mal form\u00e9es \u00e0 ce serveur,\nchiffr\u00e9es avec la cl\u00e9 publique de celui-ci, dans le but d\u0027obtenir des\ninformations en fonction des messages d\u0027erreurs re\u00e7us. Au bout d\u0027un\ncertain nombre de requ\u00eates, l\u0027attaquant est en mesure, sans deviner la\ncl\u00e9 priv\u00e9e, de r\u00e9cup\u00e9rer la cl\u00e9 de session dans ses captures pr\u00e9alables\net ainsi pouvoir d\u00e9chiffrer les communications. Suivant les\nimpl\u00e9mentations, ce nombre de requ\u00eates varie de plusieurs dizaines de\nmilliers \u00e0 quelques millions. Cette attaque permet \u00e9galement de faire\nsigner des messages arbitraires par le serveur.\n\nLe 12 d\u00e9cembre 2017, des chercheurs ont publi\u00e9 leurs travaux sur cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027un site internet (cf. section\nDocumentation) et d\u0027un papier blanc (cf. section Documentation). En\nscannant internet, ils ont d\u00e9couvert que de nombreuses impl\u00e9mentations\nde piles TLS sont encore vuln\u00e9rables, soit parce qu\u0027elles n\u0027ont pas \u00e9t\u00e9\nmises \u00e0 jour, soit parce qu\u0027il n\u0027a pas \u00e9t\u00e9 tenu compte des\ncontre-mesures existantes.\n\nCes chercheurs estiment qu\u0027une attaque de l\u0027intercepteur actif (Mitm)\nest peu pratique \u00e0 mettre en oeuvre \u00e0 cause du temps requis pour\nr\u00e9cup\u00e9rer la cl\u00e9 de session. En effet, celui-ci est de l\u0027ordre de\nplusieurs secondes ; cela est suffisant pour une attaque hors ligne,\nmais trop long pour se placer discr\u00e8tement dans une communication. Ils\nrecommandent de d\u00e9sactiver le chiffrement RSA au profit de l\u0027utilisation\nde l\u0027algorithme de Diffie-Hellman en courbes elliptiques.\n\nLe 30 janvier 2018, Aruba Networks a publi\u00e9 un avis de s\u00e9curit\u00e9 pour\nindiquer que les versions d\u0027InstantOS ant\u00e9rieures \u00e0 6.5.4.6 \u00e9taient\nvuln\u00e9rables (cf. section Documentation). La version 6.5.4.6 n\u0027est\ncependant pas encore disponible et ne poss\u00e8de pas de date de sortie\nofficielle.\n\n\u00a0\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations de TLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "robotattack.org",
      "url": "https://robotattack.org/"
    }
  ]
}

ghsa-3ph6-jhvp-76gj

Vulnerability from github

Published

2022-05-13 01:44

Modified

2025-04-20 03:49

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.",
  "id": "GHSA-3ph6-jhvp-76gj",
  "modified": "2025-04-20T03:49:58Z",
  "published": "2022-05-13T01:44:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17427"
    },
    {
      "type": "WEB",
      "url": "https://robotattack.org"
    },
    {
      "type": "WEB",
      "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2018-00540

Vulnerability from cnvd

Title

Radware Alteon信息泄露漏洞

Description

Radware Alteon是以色列Radware公司一款应用交付控制器产品。使用31.0.0.0版本至31.0.3.0版本固件的Radware Alteon中存在安全漏洞。攻击者可利用该漏洞解密观察到的流量并执行其他的私钥操作。

Severity

中

Patch Name

Radware Alteon信息泄露漏洞的补丁

Patch Description

Radware Alteon是以色列Radware公司一款应用交付控制器产品。使用31.0.0.0版本至31.0.3.0版本固件的Radware Alteon中存在安全漏洞。攻击者可利用该漏洞解密观察到的流量并执行其他的私钥操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-17427

Impacted products

Name
Radware Alteon >=31.0.0.0，<=31.0.3.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102199"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17427",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17427"
    }
  },
  "description": "Radware Alteon\u662f\u4ee5\u8272\u5217Radware\u516c\u53f8\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u752831.0.0.0\u7248\u672c\u81f331.0.3.0\u7248\u672c\u56fa\u4ef6\u7684Radware Alteon\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u89c2\u5bdf\u5230\u7684\u6d41\u91cf\u5e76\u6267\u884c\u5176\u4ed6\u7684\u79c1\u94a5\u64cd\u4f5c\u3002",
  "discovererName": "Hanno B\u00c3\u00b6ck",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00540",
  "openTime": "2018-01-09",
  "patchDescription": "Radware Alteon\u662f\u4ee5\u8272\u5217Radware\u516c\u53f8\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u752831.0.0.0\u7248\u672c\u81f331.0.3.0\u7248\u672c\u56fa\u4ef6\u7684Radware Alteon\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u89c2\u5bdf\u5230\u7684\u6d41\u91cf\u5e76\u6267\u884c\u5176\u4ed6\u7684\u79c1\u94a5\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Radware Alteon\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Radware Alteon \u003e=31.0.0.0\uff0c\u003c=31.0.3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-17427",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-15",
  "title": "Radware Alteon\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

gsd-2017-17427

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-17427

Aliases

CVE-2017-17427

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17427",
    "description": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.",
    "id": "GSD-2017-17427"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17427"
      ],
      "details": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.",
      "id": "GSD-2017-17427",
      "modified": "2023-12-13T01:21:04.668149Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-17427",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://robotattack.org/",
            "refsource": "MISC",
            "url": "https://robotattack.org/"
          },
          {
            "name": "102199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102199"
          },
          {
            "name": "VU#144389",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/144389"
          },
          {
            "name": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability",
            "refsource": "CONFIRM",
            "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:radware:alteon_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "31.0.3.0",
                    "versionStartIncluding": "31.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:radware:alteon:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17427"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/144389"
            },
            {
              "name": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
            },
            {
              "name": "https://robotattack.org/",
              "refsource": "MISC",
              "tags": [
                "Technical Description"
              ],
              "url": "https://robotattack.org/"
            },
            {
              "name": "102199",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102199"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-12-13T16:29Z"
    }
  }
}

fkie_cve-2017-17427

Vulnerability from fkie_nvd

Published

2017-12-13 16:29

Modified

2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/102199	Third Party Advisory, VDB Entry
cve@mitre.org	https://robotattack.org/	Technical Description
cve@mitre.org	https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability	Mitigation, Vendor Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102199	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://robotattack.org/	Technical Description
af854a3a-2127-422b-91ae-364da2661108	https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	radware	alteon_firmware	*
	radware	alteon	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:radware:alteon_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08ABFCE7-E014-4D08-A1AF-D4D2D608C951",
              "versionEndIncluding": "31.0.3.0",
              "versionStartIncluding": "31.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:radware:alteon:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8BE92A-842C-4723-9D1C-81F602CA3C5D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Radware Alteon con versiones de firmware entre 31.0.0.0-31.0.3.0 son vulnerables a un ataque de texto cifrado elegido adaptativo, tambi\u00e9n conocido como \"ataque Bleichenbacher\". Esto permite que un atacante descifre tr\u00e1fico observado que ha sido cifrado con el m\u00e9todo RSA y realice otras operaciones con la clave privada."
    }
  ],
  "id": "CVE-2017-17427",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T16:29:00.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102199"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "https://robotattack.org/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://robotattack.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-171

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les commutateurs Aruba AOS-CX. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions 10.06.x antérieures à 10.06.0180
HPE Aruba Networking	AOS	AOS-CX versions 10.09.x antérieures à 10.09.0010
HPE Aruba Networking	AOS	AOS-CX versions 10.07.x antérieures à 10.07.0061
HPE Aruba Networking	AOS	AOS-CX versions 10.08.x antérieures à 10.08.1040

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba AOS-CX ARUBA-PSA-2022-004 du 23 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions 10.06.x ant\u00e9rieures \u00e0 10.06.0180",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.09.x ant\u00e9rieures \u00e0 10.09.0010",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.07.x ant\u00e9rieures \u00e0 10.07.0061",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.08.x ant\u00e9rieures \u00e0 10.08.1040",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2021-41000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41000"
    },
    {
      "name": "CVE-2017-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12373"
    },
    {
      "name": "CVE-2021-41003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41003"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2021-41001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41001"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2021-41002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41002"
    }
  ],
  "initial_release_date": "2022-02-23T00:00:00",
  "last_revision_date": "2022-02-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les commutateurs\nAruba AOS-CX. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les commutateurs Aruba AOS-CX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba AOS-CX ARUBA-PSA-2022-004 du 23 f\u00e9vrier 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-17427 (GCVE-0-2017-17427)

Vulnerability from cvelistv5

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte

Solution

Contournement provisoire

ghsa-3ph6-jhvp-76gj

Vulnerability from github

cnvd-2018-00540

Vulnerability from cnvd

gsd-2017-17427

Vulnerability from gsd

fkie_cve-2017-17427

Vulnerability from fkie_nvd

CERTFR-2022-AVI-171

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature