CVE-2017-15533

Name of the Vulnerable Software and Affected Versions: Symantec SSL Visibility (SSLV) versions 3.8.4FC through 3.10 prior to 3.10.4.1 Symantec SSL Visibility (SSLV) version 3.11 Symantec SSL Visibility (SSLV) versions 3.12 prior to 3.12.2.1

Description: The issue allows a remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, to establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. All affected SSLV versions act as weak oracles according to the oracle classification used in the ROBOT research paper.

Recommendations: For Symantec SSL Visibility (SSLV) versions 3.8.4FC through 3.10 prior to 3.10.4.1, update to version 3.10.4.1 or later. For Symantec SSL Visibility (SSLV) version 3.11, update to a later version that is not vulnerable. For Symantec SSL Visibility (SSLV) versions 3.12 prior to 3.12.2.1, update to version 3.12.2.1 or later.