First published: Wed Dec 13 2017
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Credit: cert@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | <3.12.2 | |
Siemens Scalance W1750d Firmware | <8.3.0.1 | |
Siemens SCALANCE W1750D | | |
Arubanetworks Instant | <6.5.4.6 | |
The vulnerability ID for this issue is CVE-2017-13099.
The severity of CVE-2017-13099 is high.
wolfSSL prior to version 3.12.2 and Arubanetworks Instant prior to version 6.5.4.6 are affected by CVE-2017-13099.