Attacker Value
High
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
4

CVE-2016-2183

Disclosure Date: September 01, 2016
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Initial Access
Techniques
Validation
Validated
Privilege Escalation
Techniques
Validation
Validated

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • cisco,
  • nodejs,
  • openssl,
  • oracle,
  • python,
  • redhat

Products

  • content security management appliance 9.6.6-068,
  • content security management appliance 9.7.0-006,
  • database 11.2.0.4,
  • database 12.1.0.2,
  • enterprise linux 5.0,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • jboss enterprise application platform 6.0.0,
  • jboss enterprise web server 1.0.0,
  • jboss enterprise web server 2.0.0,
  • jboss web server 3.0,
  • node.js,
  • openssl 1.0.1a,
  • openssl 1.0.1b,
  • openssl 1.0.1c,
  • openssl 1.0.1d,
  • openssl 1.0.1e,
  • openssl 1.0.1f,
  • openssl 1.0.1g,
  • openssl 1.0.1h,
  • openssl 1.0.1i,
  • openssl 1.0.1j,
  • openssl 1.0.1k,
  • openssl 1.0.1l,
  • openssl 1.0.1m,
  • openssl 1.0.1n,
  • openssl 1.0.1o,
  • openssl 1.0.1p,
  • openssl 1.0.1q,
  • openssl 1.0.1r,
  • openssl 1.0.1t,
  • openssl 1.0.2a,
  • openssl 1.0.2b,
  • openssl 1.0.2c,
  • openssl 1.0.2d,
  • openssl 1.0.2e,
  • openssl 1.0.2f,
  • openssl 1.0.2h,
  • python

Exploited in the Wild

Reported by:

References

Advisory
Miscellaneous

Additional Info

Technical Analysis