CVE-2015-5738
 
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
*Credits:
N/A
Timeline
- 2015-08-05 CVE Reserved
- 2016-07-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (3)
URL | Tag |
---|---|
http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | Broken Link |
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | Technical Description |
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Running in (Vendor) | Running in (Product) | Status |
---|---|---|---|---|---|---|
Marvell | Software Development Kit | 2.0 | Affected | Marvell | Octeon Ii Cn6000 | Safe |
Marvell | Software Development Kit | 2.0 | Affected | Marvell | Octeon Ii Cn6010 | Safe |
Marvell | Software Development Kit | 2.0 | Affected | Marvell | Octeon Ii Cn6020 | Safe |
F5 | Traffix Signaling Delivery Controller | >= 3.3.2 <= 3.5.1 | Affected | - | - | - |
F5 | Traffix Signaling Delivery Controller | >= 4.0.0 <= 4.4.0 | Affected | - | - | - |