Downgrade Attack Vulnerability in EMC RSA BSAFE Products
CVE-2015-0533

7.5HIGH

Key Information:

Vendor: Dell
Status: Bsafe Ssl-c; Bsafe
Vendor: CVE Published:; 20 August 2015

Summary

EMC RSA BSAFE Micro Edition Suite versions 4.0.x prior to 4.0.8 and 4.1.x prior to 4.1.3, as well as RSA BSAFE SSL-C version 2.8.9 and earlier, contain a vulnerability that allows remote SSL servers to carry out ECDHE-to-ECDH downgrade attacks. This can result in the loss of forward secrecy by omitting the crucial ServerKeyExchange message, leaving encrypted communications susceptible to interception. This issue is similar to previous vulnerabilities and highlights the need for robust security practices when managing encryption protocols.

References

http://seclists.org/bugtraq/2015/Aug/84

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/76377

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Dec 17, 2014