Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-17841

Опубликовано: 10 янв. 2018
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:paloaltonetworks:pan-os:6.1.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.4-h2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.5:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.6:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.7:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.8:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.9:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.10:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.11:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.12:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.13:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.14:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:8.0.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.4:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.5:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.0146
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-f3c4-7m99-h392

CVSS3: 5.9
github
больше 3 лет назад

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

EPSS

Процентиль: 81%
0.0146
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo