CVE-2017-12373


A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.


Published

2017-12-15T20:29:00.207

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-203

Affected Vendors & Products
| Type             | Vendor | Product                                        | Version/Range | Vulnerable? |
|------------------|--------|------------------------------------------------|---------------|-------------|
| Operating System | cisco  | adaptive_security_appliance_5505_firmware      | -             | Yes         |
| Hardware         | cisco  | adaptive_security_appliance_5505               | -             | No          |
| Operating System | cisco  | adaptive_security_appliance_5510_firmware      | -             | Yes         |
| Hardware         | cisco  | adaptive_security_appliance_5510               | -             | No          |
| Operating System | cisco  | adaptive_security_appliance_5520_firmware      | -             | Yes         |
| Hardware         | cisco  | adaptive_security_appliance_5520               | -             | No          |
| Operating System | cisco  | adaptive_security_appliance_5540_firmware      | -             | Yes         |
| Hardware         | cisco  | adaptive_security_appliance_5540               | -             | No          |
| Operating System | cisco  | adaptive_security_appliance_5550_firmware      | -             | Yes         |
| Hardware         | cisco  | adaptive_security_appliance_5550               | -             | No          |
