CVE-2017-12373

moderate-risk

Published 2017-12-15

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Do I need to act?

66.9% chance of exploitation in next 30 days

EPSS score — higher than 33% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (5)

Adaptive Security Appliance 5550 Firmware

Adaptive Security Appliance 5505 Firmware

Adaptive Security Appliance 5510 Firmware

Adaptive Security Appliance 5520 Firmware

Adaptive Security Appliance 5540 Firmware

Affected Vendors

Cisco

References (4)

Third Party Advisory http://www.securityfocus.com/bid/102170

Issue Tracking https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Third Party Advisory http://www.securityfocus.com/bid/102170

Issue Tracking https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 19/34 · Moderate

Exposure 12/34 · Low