Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1968

Опубликовано: 09 сент. 2020
Источник: nvd
CVSS3: 3.7
CVSS2: 4.3
EPSS Низкий

Описание

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия от 1.0.2 (включая) до 1.0.2v (включая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_es2-64:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_es2-72:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
Конфигурация 11

Одновременно

cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
Конфигурация 12

Одновременно

cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Версия до xcp2400 (исключая)
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
Конфигурация 13

Одновременно

cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
Конфигурация 14

Одновременно

cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
Конфигурация 15

Одновременно

cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
Конфигурация 16

Одновременно

cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
Конфигурация 17

Одновременно

cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
Конфигурация 18

Одновременно

cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Версия до xcp3100 (исключая)
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
Конфигурация 19

Одновременно

cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_es1-24:-:*:*:*:*:*:*:*
Конфигурация 20

Одновременно

cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_tor-72:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.00844
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2020-1968

CVSS3: 3.7
ubuntu
больше 5 лет назад

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

redhat логотип

CVE-2020-1968

CVSS3: 5.9
redhat
больше 5 лет назад

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

debian логотип

CVE-2020-1968

CVSS3: 3.7
debian
больше 5 лет назад

The Raccoon attack exploits a flaw in the TLS specification which can ...

suse-cvrf логотип

SUSE-SU-2020:14511-1

suse-cvrf
больше 5 лет назад

Security update for openssl1

suse-cvrf логотип

SUSE-SU-2020:14491-1

suse-cvrf
больше 5 лет назад

Security update for openssl

EPSS

Процентиль: 74%
0.00844
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-203