7.1

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CaviumNitrox Ssl Sdk Version <= 6.1.0
CaviumNitrox V Ssl Sdk Version <= 1.2
CaviumOcteon Sdk Version <= 1.7.2
CaviumOcteon Ssl Sdk Version <= 1.5.0
CaviumTurbossl Sdk Version <= 1.0
CiscoWebex Conect Im Version7.24.1
CiscoWebex Meetings Versiont31
CiscoWebex Meetings Versiont32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.01% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.kb.cert.org/vuls/id/144389
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/102170
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
Third Party Advisory
http://www.securitytracker.com/id/1039984
Third Party Advisory
VDB Entry
https://www.cavium.com/security-advisory-cve-2017-17428.html
Vendor Advisory