CVE-2017-17428 EOL/Obsolete Hardware: Cisco ACE30/4710 SSL SDK Bleichenbacher Attack Information Disclosure Vulnerability (ROBOT)

漏洞类别:Security Policy

漏洞等级:

漏洞信息

A vulnerability in the TLS protocol implementation on the crypto hardware SSL Software Development Kit (SDK) could allow an unauthenticated, remote attacker to access sensitive information.
The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange.

Cisco ACE 4710 Application Control Engine Appliance entered the end-of-life cycle on July 26, 2013. For reference, see theEnd-of-Sale and End-of-Life Announcement.

漏洞危害

An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack.

解决方案

More information can be obtained from cisco-sa-20171212-bleichenbacher

Leave a Reply