Information disclosure in Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL

Published: 2018-03-14 11:31:13
Severity Low
Patch available NO
Number of vulnerabilities 1
CVE ID CVE-2017-17428
CVSSv3 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CWE ID CWE-200
Exploitation vector Network
Public exploit Not available
Vulnerable software Nitrox SSL
Nitrox V SSL SDK
TurboSSL SDK
Cavium SDK
Vulnerable software versions Nitrox SSL 6.0
Nitrox SSL 6.1.0
Nitrox V SSL SDK 1.0
Nitrox V SSL SDK 1.1
Nitrox V SSL SDK 1.2
TurboSSL SDK 2.0
TurboSSL SDK 2.1
TurboSSL SDK 2.2
Cavium SDK 1.6
Vendor URL Cavium

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information o the target system.

The weakness exists due to improper security restrictions. A remote attacker can use the Bleichenbacher attack to monitor Transport Layer Security (TLS) ciphertext data from the targeted client to the affected server and gain access to potentially sensitive information.

Remediation

Cybersecurity is currently unaware of any solutions addressing the vulnerability.

External links

https://www.cavium.com/security-advisory-cve-2017-17428.html

Back to List