← Back

CVE-2017-12373

nvd nist
Published: Dec 15, 2017Modified: May 13, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Affected (5)

Cisco
5 products
Adaptive Security Appliance 5505 Firmware
Adaptive Security Appliance 5510 Firmware
Adaptive Security Appliance 5520 Firmware
Adaptive Security Appliance 5540 Firmware
Adaptive Security Appliance 5550 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5505 Firmware
All versions
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5505
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5510 Firmware
All versions
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5510
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5520 Firmware
All versions
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5520
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5540 Firmware
All versions
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5540
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5550 Firmware
All versions
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5550
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Issue TrackingMitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMitigationVendor Advisory

Timeline

No history available yet.