Vulnerability Details : CVE-2017-13099
Public exploit exists!
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Products affected by CVE-2017-13099
- cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:arubanetworks:instant:*:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-13099
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-13099
-
Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5
Disclosure Date: 2009-06-17First seen: 2020-04-26auxiliary/scanner/ssl/bleichenbacher_oracleSome TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with i
CVSS scores for CVE-2017-13099
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
CERT/CC | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-13099
-
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Assigned by:
- cret@cert.org (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-13099
-
http://www.securityfocus.com/bid/102174
wolfSSL CVE-2017-13099 Information Disclosure VulnerabilityIssue Tracking;Mitigation;Third Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/144389
VU#144389 - TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 paddingIssue Tracking;Mitigation;Third Party Advisory;US Government Resource
-
https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf
Third Party Advisory
-
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt
Third Party Advisory
-
https://robotattack.org/
The ROBOT Attack - Return of Bleichenbacher's Oracle ThreatIssue Tracking;Third Party Advisory
-
https://github.com/wolfSSL/wolfssl/pull/1229
Fix for handling of static RSA padding failures by dgarske · Pull Request #1229 · wolfSSL/wolfssl · GitHubIssue Tracking;Patch;Third Party Advisory
Jump to