CVE-2017-15533

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:ssl_visibility_appliance:3.8.4fc:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ssl_visibility_appliance:3.10:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ssl_visibility_appliance:3.11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ssl_visibility_appliance:3.12:*:*:*:*:*:*:*

History

21 Nov 2024, 03:14

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/104163 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104163 - Third Party Advisory, VDB Entry
References () https://www.symantec.com/security-center/network-protection-security-advisories/SA160 - Vendor Advisory () https://www.symantec.com/security-center/network-protection-security-advisories/SA160 - Vendor Advisory

Information

Published : 2018-05-17 13:29

Updated : 2024-11-21 03:14


NVD link : CVE-2017-15533

Mitre link : CVE-2017-15533

CVE.ORG link : CVE-2017-15533


JSON object : View

Products Affected

broadcom

  • ssl_visibility_appliance
CWE
CWE-203

Observable Discrepancy