Information disclosure in Cavium products - CVE-2017-17428
Published: March 13, 2018 / Updated: September 14, 2018
Vulnerability identifier: #VU11068
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-17428
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Cavium
Affected software:
Nitrox SSL
Nitrox V SSL SDK
TurboSSL SDK
Cavium SDK
Nitrox SSL
Nitrox V SSL SDK
TurboSSL SDK
Cavium SDK
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information o the target system.
The weakness exists due to improper security restrictions. A remote attacker can use the Bleichenbacher attack to monitor Transport Layer Security (TLS) ciphertext data from the targeted client to the affected server and gain access to potentially sensitive information.
How to mitigate CVE-2017-17428
Cybersecurity is currently unaware of any solutions addressing the vulnerability.