5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.5%
The OpenSSL Team reports:
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
using Bleichenbacherโs attack on PKCS #1 v1.5 RSA padding
also known as the million message attack (MMA).
Only users of CMS, PKCS #7, or S/MIME decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will
not be willing to process this many messages.
SSL/TLS applications are NOT affected by this problem since
the SSL/TLS code does not use the PKCS#7 or CMS decryption
code.