CVE-2017-17428

high-risk

Published 2018-03-05

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Do I need to act?

77.0% chance of exploitation in next 30 days

EPSS score — higher than 23% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (19)

Nitrox Ssl Sdk

Nitrox V Ssl Sdk

Octeon Sdk

Octeon Ssl Sdk

Turbossl Sdk

Webex Conect Im

Webex Meetings

Ace4710 Application Control Engine Firmware

Ace30 Application Control Engine Module Firmware

Adaptive Security Appliance 5520 Firmware

Adaptive Security Appliance 5540 Firmware

Adaptive Security Appliance 5550 Firmware

Adaptive Security Appliance 5510 Firmware

Adaptive Security Appliance 5505 Firmware

Affected Vendors

Cisco Cavium

References (10)

Third Party Advisory http://www.securityfocus.com/bid/102170

Third Party Advisory http://www.securitytracker.com/id/1039984

Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Vendor Advisory https://www.cavium.com/security-advisory-cve-2017-17428.html

Third Party Advisory https://www.kb.cert.org/vuls/id/144389

Third Party Advisory http://www.securityfocus.com/bid/102170

Third Party Advisory http://www.securitytracker.com/id/1039984

Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Vendor Advisory https://www.cavium.com/security-advisory-cve-2017-17428.html

Third Party Advisory https://www.kb.cert.org/vuls/id/144389

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 20/34 · Moderate

Exposure 19/34 · Moderate