PT-2017-7809 · Radware+1 · Radware+1
Hanno Böck
·
Publicado
2017-02-08
·
Atualizado
2017-03-02
·
CVE-2016-10212
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Radware devices (affected versions not specified)
Description
The issue allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack" due to the use of the same value for the first two GCM nonces. This is similar to a previously known issue. The problem may be related to the use of a third-party Cavium product.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cavium
Radware