CVE-2020-1968
Raccoon attack
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Timeline
- 2019-12-03 CVE Reserved
- 2020-09-09 CVE Published
- 2024-08-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
References (10)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200911-0004 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.oracle.com//security-alerts/cpujul2021.html | 2022-11-21 | |
https://www.oracle.com/security-alerts/cpuApr2021.html | 2022-11-21 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-11-21 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2022-11-21 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202210-02 | 2022-11-21 | |
https://usn.ubuntu.com/4504-1 | 2022-11-21 | |
https://www.openssl.org/news/secadv/20200909.txt | 2022-11-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Oracle | Ethernet Switch Es2-64 Firmware | 2.0.0.14 | - | Affected | in | Oracle | Ethernet Switch Es2-64 | - | - | Safe |
Oracle | Ethernet Switch Es2-72 Firmware | 2.0.0.14 | - | Affected | in | Oracle | Ethernet Switch Es2-72 | - | - | Safe |
Fujitsu | M10-1 Firmware | < xcp2400 | - | Affected | in | Fujitsu | M10-1 | - | - | Safe |
Fujitsu | M10-4 Firmware | < xcp2400 | - | Affected | in | Fujitsu | M10-4 | - | - | Safe |
Fujitsu | M10-4s Firmware | < xcp2400 | - | Affected | in | Fujitsu | M10-4s | - | - | Safe |
Fujitsu | M12-1 Firmware | < xcp2400 | - | Affected | in | Fujitsu | M12-1 | - | - | Safe |
Fujitsu | M12-2 Firmware | < xcp2400 | - | Affected | in | Fujitsu | M12-2 | - | - | Safe |
Fujitsu | M12-2s Firmware | < xcp2400 | - | Affected | in | Fujitsu | M12-2s | - | - | Safe |
Fujitsu | M10-1 Firmware | < xcp3100 | - | Affected | in | Fujitsu | M10-1 | - | - | Safe |
Fujitsu | M10-4 Firmware | < xcp3100 | - | Affected | in | Fujitsu | M10-4 | - | - | Safe |
Fujitsu | M10-4s Firmware | < xcp3100 | - | Affected | in | Fujitsu | M10-4s | - | - | Safe |
Fujitsu | M12-1 Firmware | < xcp3100 | - | Affected | in | Fujitsu | M12-1 | - | - | Safe |
Fujitsu | M12-2 Firmware | < xcp3100 | - | Affected | in | Fujitsu | M12-2 | - | - | Safe |
Fujitsu | M12-2s Firmware | < xcp3100 | - | Affected | in | Fujitsu | M12-2s | - | - | Safe |
Oracle | Ethernet Switch Es1-24 Firmware | 1.3.1 | - | Affected | in | Oracle | Ethernet Switch Es1-24 | - | - | Safe |
Oracle | Ethernet Switch Tor-72 Firmware | 1.2.2 | - | Affected | in | Oracle | Ethernet Switch Tor-72 | - | - | Safe |
Openssl | Openssl | >= 1.0.2 <= 1.0.2v | - | Affected | | | | | | |
Canonical | Ubuntu Linux | 16.04 | lts | Affected | | | | | | |
Canonical | Ubuntu Linux | 18.04 | lts | Affected | | | | | | |
Debian | Debian Linux | 9.0 | - | Affected | | | | | | |
Oracle | Jd Edwards World Security | a9.4 | - | Affected | | | | | | |
Oracle | Peoplesoft Enterprise Peopletools | 8.56 | - | Affected | | | | | | |
Oracle | Peoplesoft Enterprise Peopletools | 8.57 | - | Affected | | | | | | |
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected | | | | | | |