CVE-2017-12373

5.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Legacy Asa 5500 Products Tls Protocol Implementation
Vendor: CVE Published:; 15 December 2017

Summary

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Affected Version(s)

Cisco legacy ASA 5500 products TLS protocol implementation Cisco legacy ASA 5500 products TLS protocol implementation

References

http://www.securityfocus.com/bid/102170

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2017
Vulnerability Reserved
Aug 3, 2017