Lucene search

[email protected]CVE-2016-0887

HistoryApr 12, 2016 - 11:59 p.m.

CVE-2016-0887

2016-04-1223:59:31

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-0887

emc

rsa

bsafe

micro edition suite

mes

crypto-c

ccme

crypto-j

ssl-j

ssl-c

security vulnerability

lenstra side-channel attack

tls

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application’s failure to detect an RSA signature failure during a TLS session.

Affected configurations

NVD

Node

dellbsafe_crypto-c-micro-editionRange4.0–4.0.5.3

dellbsafe_crypto-c-micro-editionRange4.1–4.1.2

dellbsafe_crypto-jRange<6.2.1

dellbsafe_micro-edition-suiteRange4.0.0–4.0.11

dellbsafe_micro-edition-suiteRange4.1.0–4.1.5

dellbsafe_ssl-cRange<2.8.9

dellbsafe_ssl-jRange<6.2.1

CPENameOperatorVersion
dell:bsafe_crypto-c-micro-editiondell bsafe crypto-c-micro-editionle4.0.5.3
dell:bsafe_crypto-c-micro-editiondell bsafe crypto-c-micro-editionle4.1.2
dell:bsafe_crypto-jdell bsafe crypto-jlt6.2.1
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitele4.0.11
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suitelt4.1.5
dell:bsafe_ssl-cdell bsafe ssl-clt2.8.9
dell:bsafe_ssl-jdell bsafe ssl-jlt6.2.1

CPE	Name	Operator	Version
dell:bsafe_crypto-c-micro-edition	dell bsafe crypto-c-micro-edition	le	4.0.5.3
dell:bsafe_crypto-c-micro-edition	dell bsafe crypto-c-micro-edition	le	4.1.2
dell:bsafe_crypto-j	dell bsafe crypto-j	lt	6.2.1
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	le	4.0.11
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	lt	4.1.5
dell:bsafe_ssl-c	dell bsafe ssl-c	lt	2.8.9
dell:bsafe_ssl-j	dell bsafe ssl-j	lt	6.2.1

References

packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html

seclists.org/bugtraq/2016/Apr/66

www.securityfocus.com/archive/1/538055/100/0/threaded

www.securitytracker.com/id/1035515

www.securitytracker.com/id/1035516

www.securitytracker.com/id/1035517

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2016-0887

prion1 cvelist1 nvd1