Lucene search

[email protected]CVE-2020-1968

HistorySep 09, 2020 - 2:15 p.m.

CVE-2020-1968

2020-09-0914:15:12

CWE-203

[email protected]

web.nvd.nist.gov

299

cve-2020-1968

raccoon attack

tls flaw

pre-master secret

encryption

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Affected configurations

NVD

Node

opensslopensslRange1.0.2–1.0.2v

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

Node

debiandebian_linuxMatch9.0

Node

oraclejd_edwards_world_securityMatcha9.4

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

Node

oracleethernet_switch_es2-64Match-

AND

oracleethernet_switch_es2-64_firmwareMatch2.0.0.14

Node

oracleethernet_switch_es2-72Match-

AND

oracleethernet_switch_es2-72_firmwareMatch2.0.0.14

Node

fujitsum10-1Match-

AND

fujitsum10-1_firmwareRange<xcp2400

Node

fujitsum10-4Match-

AND

fujitsum10-4_firmwareRange<xcp2400

Node

fujitsum10-4sMatch-

AND

fujitsum10-4s_firmwareRange<xcp2400

Node

fujitsum12-1Match-

AND

fujitsum12-1_firmwareRange<xcp2400

Node

fujitsum12-2_firmwareRange<xcp2400

AND

fujitsum12-2Match-

Node

fujitsum12-2s_firmwareRange<xcp2400

AND

fujitsum12-2sMatch-

Node

fujitsum10-1_firmwareRange<xcp3100

AND

fujitsum10-1Match-

Node

fujitsum10-4_firmwareRange<xcp3100

AND

fujitsum10-4Match-

Node

fujitsum10-4s_firmwareRange<xcp3100

AND

fujitsum10-4sMatch-

Node

fujitsum12-1_firmwareRange<xcp3100

AND

fujitsum12-1Match-

Node

fujitsum12-2_firmwareRange<xcp3100

AND

fujitsum12-2Match-

Node

fujitsum12-2s_firmwareRange<xcp3100

AND

fujitsum12-2sMatch-

Node

oracleethernet_switch_es1-24_firmwareMatch1.3.1

AND

oracleethernet_switch_es1-24Match-

Node

oracleethernet_switch_tor-72_firmwareMatch1.2.2

AND

oracleethernet_switch_tor-72Match-

CPENameOperatorVersion
openssl:opensslopensslle1.0.2v

CPE	Name	Operator	Version
openssl:openssl	openssl	le	1.0.2v

CNA Affected

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)",
        "status": "affected"
      }
    ]
  }
]