// For flags

CVE-2017-17689

 

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

La especificación S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-12-15 CVE Reserved
  • 2018-05-16 CVE Published
  • 2024-05-31 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
9folders
Search vendor "9folders"
 Nine
Search vendor "9folders" for product "Nine"
--
Affected
Apple
Search vendor "Apple"
 Mail
Search vendor "Apple" for product "Mail"
--
Affected
Apple
Search vendor "Apple"
 Mail
Search vendor "Apple" for product "Mail"
-iphone_os
Affected
Bloop
Search vendor "Bloop"
 Airmail
Search vendor "Bloop" for product "Airmail"
--
Affected
Emclient
Search vendor "Emclient"
 Emclient
Search vendor "Emclient" for product "Emclient"
--
Affected
Flipdogsolutions
Search vendor "Flipdogsolutions"
 Maildroid
Search vendor "Flipdogsolutions" for product "Maildroid"
--
Affected
Freron
Search vendor "Freron"
 Mailmate
Search vendor "Freron" for product "Mailmate"
--
Affected
Gnome
Search vendor "Gnome"
 Evolution
Search vendor "Gnome" for product "Evolution"
--
Affected
Google
Search vendor "Google"
 Gmail
Search vendor "Google" for product "Gmail"
--
Affected
Horde
Search vendor "Horde"
 Horde Imp
Search vendor "Horde" for product "Horde Imp"
--
Affected
Ibm
Search vendor "Ibm"
 Notes
Search vendor "Ibm" for product "Notes"
--
Affected
Kde
Search vendor "Kde"
 Kmail
Search vendor "Kde" for product "Kmail"
--
Affected
Kde
Search vendor "Kde"
 Trojita
Search vendor "Kde" for product "Trojita"
--
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2007
Search vendor "Microsoft" for product "Outlook" and version "2007"
-
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2010
Search vendor "Microsoft" for product "Outlook" and version "2010"
-
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2013
Search vendor "Microsoft" for product "Outlook" and version "2013"
-
Affected
Microsoft
Search vendor "Microsoft"
 Outlook
Search vendor "Microsoft" for product "Outlook"
 2016
Search vendor "Microsoft" for product "Outlook" and version "2016"
-
Affected
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
--
Affected
Postbox-inc
Search vendor "Postbox-inc"
 Postbox
Search vendor "Postbox-inc" for product "Postbox"
--
Affected
R2mail2
Search vendor "R2mail2"
 R2mail2
Search vendor "R2mail2" for product "R2mail2"
--
Affected
Ritlabs
Search vendor "Ritlabs"
 The Bat
Search vendor "Ritlabs" for product "The Bat"
--
Affected