virus logo Intrusion Prevention

Robot.PKCS.RSA.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit a cryptographic vulnerability in TLS protocol.
The vulnerability is due to an error in the application when it handles RSA key exchange. A remote attacker can exploit this to recover the private key from a vulnerable application by leveraging a Bleichenbacher RSA padding oracle.

affected-products-logoAffected Products

F5 BIG-IP LTM 11.6.0 - 11.6.2
F5 BIG-IP LTM 12.0.0 - 12.1.2
F5 BIG-IP LTM 13.0.0
F5 BIG-IP Application Acceleration Manager 11.6.0-11.6.2
F5 BIG-IP Application Acceleration Manager 12.0.0-12.1.2
F5 BIG-IP Application Acceleration Manager 13.0.0
F5 BIG-IP AFM 11.6.0-11.6.2
F5 BIG-IP AFM 12.0.0-12.1.2
F5 BIG-IP AFM 13.0.0
F5 BIG-IP Analytics 11.6.0-11.6.2
F5 BIG-IP Analytics 12.0.0-12.1.2
F5 BIG-IP Analytics 13.0.0
F5 BIG-IP APM 11.6.0-11.6.2
F5 BIG-IP APM 12.0.0-12.1.2
F5 BIG-IP APM 13.0.0
F5 BIG-IP ASM 11.6.0-11.6.2
F5 BIG-IP ASM 12.0.0-12.1.2
F5 BIG-IP ASM 13.0.0
F5 BIG-IP Link Controller 11.6.0-11.6.2
F5 BIG-IP Link Controller 12.0.0-12.1.2
F5 BIG-IP Link Controller 13.0.0
F5 BIG-IP PEM 11.6.0-11.6.2
F5 BIG-IP PEM 12.0.0-12.1.2
F5 BIG-IP PEM 13.0.0
F5 BIG-IP Websafe 11.6.0-11.6.2
F5 BIG-IP Websafe 12.0.0-12.1.2
F5 BIG-IP WebSafe 13.0.0
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.0 before build 71.22
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.1 before build 56.19
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 12.0 before build 53.22
Radware Alteon devices firmware version between 31.0.0.0-31.0.3.0
Cisco ACE 4710 Application Control Engine Appliance
Cisco ACE30 Application Control Engine Module
Cisco Adaptive Security Appliance (ASA) - ASA 5505, 5510, 5520, 5540, and 5550
BouncyCastle TLS prior to version 1.0.3
Erlang OTP 18.3.4.7
Erlang OTP 19.3.6.4
Erlang OTP 20.1.7
MatrixSSL before 3.8.3
PAN-OS 6.1 versions earlier than 6.1.19
PAN-OS 7.1 versions earlier than 7.1.14
PAN-OS 8.0 versions earlier than 8.0.6-h3

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Please refer to the following website for suggested workaround.
https://robotattack.org/
https://securityadvisories.paloaltonetworks.com/CVE-2017-17841

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://eprint.iacr.org/2018/1173 ROBOTATTACK
ID 45169
Created Jan 03, 2018
Updated Apr 10, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-16869 CVE-2018-16870 CVE-2018-16868 CVE-2018-19608 CVE-2018-12404 CVE-2012-5081 CVE-2016-6883 CVE-2018-1388 CVE-2017-13099 CVE-2017-17841 CVE-2017-13098 CVE-2017-1000385 CVE-2017-12373 CVE-2017-17428 CVE-2017-17427 CVE-2017-17382 CVE-2017-6168
Exploit Prediction Score 15.11%
Default Action pass
Active
Affected OS All
Affected App Other