CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Published: Mar 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17428
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
cavium / nitrox_v_ssl_sdk	-	1.2.x
cavium / nitrox_ssl_sdk	-	6.1.0.x
cavium / turbossl_sdk	-	1.0.x
cavium / octeon_ssl_sdk	-	1.5.0.x
cavium / octeon_sdk	-	1.7.2.x
cisco / webex_meetings	t31	t31.x
cisco / webex_meetings	t32	t32.x
cisco / webex_conect_im	7.24.1	7.24.1.x
cisco / ace4710_application_control_engine_firmware	3.0(0)a5(2.0)	3.0(0)a5(2.0).x
cisco / ace4710_application_control_engine_firmware	3.0(0)a5(3.0)	3.0(0)a5(3.0).x
cisco / ace4710_application_control_engine_firmware	3.0(0)a5(3.5)	3.0(0)a5(3.5).x
cisco / ace30_application_control_engine_module_firmware	3.0(0)a5(2.0)	3.0(0)a5(2.0).x
cisco / ace30_application_control_engine_module_firmware	3.0(0)a5(3.0)	3.0(0)a5(3.0).x
cisco / ace30_application_control_engine_module_firmware	3.0(0)a5(3.5)	3.0(0)a5(3.5).x
cisco / adaptive_security_appliance_5520_firmware	9.1(7.16)	9.1(7.16).x
cisco / adaptive_security_appliance_5540_firmware	9.1(7.16)	9.1(7.16).x
cisco / adaptive_security_appliance_5550_firmware	9.1(7.16)	9.1(7.16).x
cisco / adaptive_security_appliance_5510_firmware	9.1(7.16)	9.1(7.16).x
cisco / adaptive_security_appliance_5505_firmware	9.1(7.16)	9.1(7.16).x

Vulnerability Database

289,697

CVE-2017-17428