CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
caviumnitrox_ssl_sdk
𝑥
≤ 6.1.0
caviumnitrox_v_ssl_sdk
𝑥
≤ 1.2
caviumocteon_sdk
𝑥
≤ 1.7.2
caviumocteon_ssl_sdk
𝑥
≤ 1.5.0
caviumturbossl_sdk
𝑥
≤ 1.0
ciscowebex_conect_im
7.24.1
ciscoace4710_application_control_engine_firmware
3.0\(0\)a5\(2.0\)
ciscoace4710_application_control_engine_firmware
3.0\(0\)a5\(3.0\)
ciscoace4710_application_control_engine_firmware
3.0\(0\)a5\(3.5\)
ciscoace30_application_control_engine_module_firmware
3.0\(0\)a5\(2.0\)
ciscoace30_application_control_engine_module_firmware
3.0\(0\)a5\(3.0\)
ciscoace30_application_control_engine_module_firmware
3.0\(0\)a5\(3.5\)
ciscoadaptive_security_appliance_5520_firmware
9.1\(7.16\)
ciscoadaptive_security_appliance_5540_firmware
9.1\(7.16\)
ciscoadaptive_security_appliance_5550_firmware
9.1\(7.16\)
ciscoadaptive_security_appliance_5510_firmware
9.1\(7.16\)
ciscoadaptive_security_appliance_5505_firmware
9.1\(7.16\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102170
http://www.securitytracker.com/id/1039984
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
https://www.cavium.com/security-advisory-cve-2017-17428.html
https://www.kb.cert.org/vuls/id/144389
http://www.securityfocus.com/bid/102170
http://www.securitytracker.com/id/1039984
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
https://www.cavium.com/security-advisory-cve-2017-17428.html
https://www.kb.cert.org/vuls/id/144389