TLS Vulnerability in Cisco ASA 5500 Series Products
CVE-2017-12373

5.9MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Legacy Asa 5500 Products Tls Protocol Implementation
Vendor
CVE Published:
15 December 2017

Summary

A vulnerability in the TLS protocol implementation of certain Cisco ASA 5500 Series devices allows unauthenticated remote attackers to exploit the system. Utilizing a Return of Bleichenbacher's Oracle Threat (ROBOT) attack, an attacker can iteratively query vulnerable servers to perform cryptanalytic operations, ultimately enabling the decryption of previously captured TLS sessions. This compromises sensitive information and poses serious security concerns for affected users.

Affected Version(s)

Cisco legacy ASA 5500 products TLS protocol implementation Cisco legacy ASA 5500 products TLS protocol implementation

References

http://www.securityfocus.com/bid/102170
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.