← Back

CVE-2017-17428

nvd nist
Published: Mar 5, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Affected (19)

Cavium
5 products
Nitrox Ssl Sdk
Nitrox V Ssl Sdk
Octeon Sdk
Octeon Ssl Sdk
Turbossl Sdk
Cisco
9 products
Webex Conect Im
Webex Meetings
Ace4710 Application Control Engine Firmware
Ace30 Application Control Engine Module Firmware
Adaptive Security Appliance 5520 Firmware
Adaptive Security Appliance 5540 Firmware
Adaptive Security Appliance 5550 Firmware
Adaptive Security Appliance 5510 Firmware
Adaptive Security Appliance 5505 Firmware
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Nitrox Ssl Sdk
Up to 6.1.0
Nitrox V Ssl Sdk
Up to 1.2
Octeon Sdk
Up to 1.7.2
Octeon Ssl Sdk
Up to 1.5.0
Turbossl Sdk
Up to 1.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Webex Conect Im
Version 7.24.1
Cisco
Webex Meetings
Version t31
Webex Meetings
Version t32
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ace4710 Application Control Engine Firmware
Version 3.0(0)a5(2.0)
Ace4710 Application Control Engine Firmware
Version 3.0(0)a5(3.0)
Ace4710 Application Control Engine Firmware
Version 3.0(0)a5(3.5)
Running on/withPlatform Versions
Cisco
Ace 4710 Application Control Engine
All versions
Configuration D
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ace30 Application Control Engine Module Firmware
Version 3.0(0)a5(2.0)
Ace30 Application Control Engine Module Firmware
Version 3.0(0)a5(3.0)
Ace30 Application Control Engine Module Firmware
Version 3.0(0)a5(3.5)
Running on/withPlatform Versions
Cisco
Ace30 Application Control Engine Module
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5520 Firmware
Version 9.1(7.16)
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5520
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5540 Firmware
Version 9.1(7.16)
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5540
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5550 Firmware
Version 9.1(7.16)
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5550
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5510 Firmware
Version 9.1(7.16)
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5510
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance 5505 Firmware
Version 9.1(7.16)
Running on/withPlatform Versions
Cisco
Adaptive Security Appliance 5505
All versions

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

References (10)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.