Main Vulnerability Database Vulnerabilities #VU11068

#VU11068 Information disclosure in Cavium products - CVE-2017-17428

Published: March 13, 2018 / Updated: September 14, 2018

Vulnerability identifier: #VU11068

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2017-17428

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Nitrox SSL
Nitrox V SSL SDK
TurboSSL SDK
Cavium SDK

Software vendor:
Cavium

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information o the target system.

The weakness exists due to improper security restrictions. A remote attacker can use the Bleichenbacher attack to monitor Transport Layer Security (TLS) ciphertext data from the targeted client to the affected server and gain access to potentially sensitive information.

Remediation

Cybersecurity is currently unaware of any solutions addressing the vulnerability.

External links

https://www.cavium.com/security-advisory-cve-2017-17428.html

#VU11068 Information disclosure in Cavium products - CVE-2017-17428

Description

Remediation

External links

Please verify you're human