Main Vulnerability Database Vulnerabilities #VU84952

TLS Padding Oracle in Cisco Adaptive Security Appliance (ASA) - CVE-2017-12373

Published: January 3, 2024

Vulnerability identifier: #VU84952

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-12373

CWE-ID: CWE-310

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco Adaptive Security Appliance (ASA)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to an error in TLS implementation. A remote attacker with ability to establish a large number of TLS connections with the target server can conduct an adaptive-chosen ciphertext attack against RSA cipher and gain access to sensitive information.

The attack is known as "ROBOT" (Return Of Bleichenbacher's Oracle Threat).

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

TLS Padding Oracle in Cisco Adaptive Security Appliance (ASA) - CVE-2017-12373

Description

Remediation

External links

Please verify you're human