Nonce Handling Vulnerability in Radware Devices
CVE-2016-10212

5.9MEDIUM

Key Information:

Vendor

Radware

Status
Alteon
Vendor
CVE Published:
8 February 2017

What is CVE-2016-10212?

Radware devices are vulnerable to a nonce handling flaw where the same value is utilized for the first two GCM nonces. This implementation mistake could be exploited by remote attackers, enabling them to retrieve the authentication key and manipulate data through methods akin to those used in previous vulnerabilities. This issue highlights potential risks associated with third-party components utilized in the product platform.

References

https://github.com/nonce-disrespect/nonce-disrespect
x_refsource_MISC
https://support.radware.com/app/answers/answer_view/a_id/...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96172
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.