Main Vulnerability Database Vulnerabilities #VU84950

TLS Padding Oracle in AlteonOS - CVE-2017-17427

Published: January 3, 2024

Vulnerability identifier: #VU84950

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-17427

CWE-ID: CWE-310

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
AlteonOS

Software vendor:
Radware

Description

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to an error in TLS implementation. A remote attacker with ability to establish a large number of TLS connections with the target server can conduct an adaptive-chosen ciphertext attack against RSA cipher and gain access to sensitive information.

The attack is known as "ROBOT" (Return Of Bleichenbacher's Oracle Threat).

Remediation

Install updates from vendor's website.

External links

https://robotattack.org/
https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability
https://www.kb.cert.org/vuls/id/144389

TLS Padding Oracle in AlteonOS - CVE-2017-17427

Description

Remediation

External links

Please verify you're human