CVE-2017-13099: wolfSSL Bleichenbacher/ROBOT
First published: Wed Dec 13 2017(Updated: )
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <3.12.2 | |
| Siemens Scalance W1750d Firmware | <8.3.0.1 | |
| Siemens SCALANCE W1750D | ||
| Arubanetworks Instant | <6.5.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-13099.
What is the severity of CVE-2017-13099?
The severity of CVE-2017-13099 is high.
Which software versions are affected by CVE-2017-13099?
wolfSSL prior to version 3.12.2 and Arubanetworks Instant prior to version 6.5.4.6 are affected by CVE-2017-13099.
What is the vulnerability referred to as?
The vulnerability is referred to as "ROBOT".
How can an attacker exploit CVE-2017-13099?
An attacker can recover the private key from a vulnerable wolfSSL application.
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/wolfssl
- canonical/wolfssl wolfssl
- vendor/siemens
- canonical/siemens scalance w1750d firmware
- canonical/siemens scalance w1750d
- vendor/arubanetworks
- canonical/arubanetworks instant