CVE-2017-17428

Name of the Vulnerable Software and Affected Versions: Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) (affected versions not specified) Cavium Octeon SSL (affected versions not specified)

Description: The issue is related to a Bleichenbacher RSA padding oracle, also known as a ROBOT attack, which allows remote attackers to decrypt TLS ciphertext data. This is due to errors in the implementation of the TLS standard in the affected software development kits. The exploitation of this issue can allow a remote attacker to reveal protected information.

Recommendations: For Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs), consider disabling the TLS protocol until a patch is available. For Cavium Octeon SSL, restrict access to the TLS implementation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.