Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-1968

Disclosure Date: September 09, 2020
CVE-2020-1968 CVSS v3 Base Score: 3.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
3.7 Low
Impact Score:
1.4
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
OpenSSL Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fujitsu,
  • openssl,
  • oracle

Products

  • debian linux 9.0,
  • ethernet switch es1-24 firmware 1.3.1,
  • ethernet switch es2-64 firmware 2.0.0.14,
  • ethernet switch es2-72 firmware 2.0.0.14,
  • ethernet switch tor-72 firmware 1.2.2,
  • jd edwards world security a9.4,
  • m10-1 firmware,
  • m10-4 firmware,
  • m10-4s firmware,
  • m12-1 firmware,
  • m12-2 firmware,
  • m12-2s firmware,
  • openssl,
  • peoplesoft enterprise peopletools 8.56,
  • peoplesoft enterprise peopletools 8.57,
  • peoplesoft enterprise peopletools 8.58,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04
Technical Analysis