Intrusion PreventionRSA.PKCS.1.Decryption.Attack.Vulnerable.Handshake
Description
This indicates an attack attempt to exploit a Cryptographic vulnerability in TLS protocol.
The vulnerability is due to an error in the application when it handles RSA key exchange. A remote attacker can exploit this to recover the private key from a vulnerable application by leveraging a Bleichenbacher RSA padding oracle.
Affected Products
F5 BIG-IP WebSafe 13.0
F5 BIG-IP WebSafe 12.1.2
F5 BIG-IP WebSafe 12.1.1
F5 BIG-IP WebSafe 12.1
F5 BIG-IP WebSafe 12.0
F5 BIG-IP WebSafe 11.6.2
F5 BIG-IP WebSafe 11.6.1
F5 BIG-IP WebSafe 11.6
F5 BIG-IP PEM 13.0
F5 BIG-IP PEM 12.1.2
F5 BIG-IP PEM 12.1.1
F5 BIG-IP PEM 12.0
F5 BIG-IP PEM 11.6.2
F5 BIG-IP PEM 11.6.1
F5 BIG-IP PEM 12.1.0
F5 BIG-IP PEM 11.6.0
F5 BIG-IP LTM 13.0
F5 BIG-IP LTM 12.1.2
F5 BIG-IP LTM 12.1.1
F5 BIG-IP LTM 12.0
F5 BIG-IP LTM 11.6.2
F5 BIG-IP LTM 11.6.1
F5 BIG-IP LTM 12.1.0
F5 BIG-IP LTM 11.6.0
F5 BIG-IP Link Controller 13.0
F5 BIG-IP Link Controller 12.1.2
F5 BIG-IP Link Controller 12.1.1
F5 BIG-IP Link Controller 12.0
F5 BIG-IP Link Controller 11.6
F5 BIG-IP Link Controller 12.1.0
F5 BIG-IP Link Controller 11.6.2
F5 BIG-IP Link Controller 11.6.1
F5 BIG-IP GTM 11.6.2
F5 BIG-IP GTM 11.6.1
F5 BIG-IP GTM 11.6.0
F5 BIG-IP DNS 13.0
F5 BIG-IP DNS 12.1.2
F5 BIG-IP DNS 12.0
F5 BIG-IP DNS 12.1.0
F5 BIG-IP ASM 13.0
F5 BIG-IP ASM 12.1.2
F5 BIG-IP ASM 12.1.1
F5 BIG-IP ASM 12.0
F5 BIG-IP ASM 11.6.2
F5 BIG-IP ASM 11.6.1
F5 BIG-IP ASM 12.1.0
F5 BIG-IP ASM 11.6.0
F5 BIG-IP APM 13.0
F5 BIG-IP APM 12.1.2
F5 BIG-IP APM 12.1.1
F5 BIG-IP APM 12.0
F5 BIG-IP APM 11.6.2
F5 BIG-IP APM 11.6.1
F5 BIG-IP APM 12.1.0
F5 BIG-IP APM 11.6.0
F5 BIG-IP Analytics 13.0
F5 BIG-IP Analytics 12.1.2
F5 BIG-IP Analytics 12.1.1
F5 BIG-IP Analytics 12.0
F5 BIG-IP Analytics 11.6.2
F5 BIG-IP Analytics 11.6.1
F5 BIG-IP Analytics 12.1.0
F5 BIG-IP Analytics 11.6.0
F5 BIG-IP AFM 13.0
F5 BIG-IP AFM 12.1.2
F5 BIG-IP AFM 12.1.1
F5 BIG-IP AFM 12.0
F5 BIG-IP AFM 11.6.1
F5 BIG-IP AFM 12.1.0
F5 BIG-IP AFM 11.6.2
F5 BIG-IP AFM 11.6.0
F5 BIG-IP AAM 13.0
F5 BIG-IP AAM 12.1.2
F5 BIG-IP AAM 12.1.1
F5 BIG-IP AAM 12.0
F5 BIG-IP AAM 11.6.2
F5 BIG-IP AAM 11.6.1
F5 BIG-IP AAM 12.1.0
F5 BIG-IP AAM 11.6.0
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.0 before build 71.22
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.1 before build 56.19
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 12.0 before build 53.22
Radware Alteon devices firmware version between 31.0.0.0-31.0.3.0
Cisco ACE 4710 Application Control Engine Appliance
Cisco ACE30 Application Control Engine Module
Cisco Adaptive Security Appliance (ASA) - ASA 5505, 5510, 5520, 5540, and 5550
BouncyCastle TLS prior to version 1.0.3
Erlang OTP 18.3.4.7
Erlang OTP 19.3.6.4
Erlang OTP 20.1.7
MatrixSSL before 3.8.3
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Please refer to the following website for suggested workaround.
https://robotattack.org/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
https://robotattack.org/| ID | 45511 |
| Created | Feb 14, 2018 |
| Updated | Mar 06, 2018 |
| Risk |
|
| CVE ID | |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |