CVE-2017-13099
wolfSSL Bleichenbacher/ROBOT
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
wolfSSL en versiones anteriores a la 3.12.2 proporciona un oráculo de Bleichenbacher débil cuando se negocia una suite de cifrado TLS que utiliza un intercambio de claves RSA. Un atacante puede recuperar la clave privada desde una aplicación wolfSSL vulnerable. Esta vulnerabilidad es conocida como "ROBOT".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-22 CVE Reserved
- 2017-12-13 CVE Published
- 2023-06-14 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/144389 | Issue Tracking |
|
| http://www.securityfocus.com/bid/102174 | Issue Tracking | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf | Third Party Advisory |
|
| https://robotattack.org | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/wolfSSL/wolfssl/pull/1229 | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Scalance W1750d Firmware Search vendor "Siemens" for product "Scalance W1750d Firmware" | < 8.3.0.1 Search vendor "Siemens" for product "Scalance W1750d Firmware" and version " < 8.3.0.1" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance W1750d Search vendor "Siemens" for product "Scalance W1750d" | - | - |
Safe
|
| Wolfssl Search vendor "Wolfssl" | Wolfssl Search vendor "Wolfssl" for product "Wolfssl" | < 3.12.2 Search vendor "Wolfssl" for product "Wolfssl" and version " < 3.12.2" | - |
Affected
| ||||||
| Arubanetworks Search vendor "Arubanetworks" | Instant Search vendor "Arubanetworks" for product "Instant" | < 6.5.4.6 Search vendor "Arubanetworks" for product "Instant" and version " < 6.5.4.6" | - |
Affected
| ||||||