Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ethernet_switch_es2-72_firmware by oracle

    CVE-2020-1968 (GCVE-0-2020-1968)

    Vulnerability from nvd – Published: 2020-09-09 13:50 – Updated: 2026-04-16 14:10
    VLAI
    Title
    Raccoon attack
    Summary
    The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Protocol flaw
    • CWE-203 - Observable Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)
    Create a notification for this product.
    Date Public
    2020-09-09 00:00
    Credits
    Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20200909.txt"
              },
              {
                "name": "USN-4504-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4504-1/"
              },
              {
                "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T14:10:30.475111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T14:10:35.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky"
            }
          ],
          "datePublic": "2020-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Protocol flaw",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-16T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20200909.txt"
            },
            {
              "name": "USN-4504-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4504-1/"
            },
            {
              "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            }
          ],
          "title": "Raccoon attack"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2020-1968",
        "datePublished": "2020-09-09T13:50:12.423Z",
        "dateReserved": "2019-12-03T00:00:00.000Z",
        "dateUpdated": "2026-04-16T14:10:35.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-1968 (GCVE-0-2020-1968)

    Vulnerability from cvelistv5 – Published: 2020-09-09 13:50 – Updated: 2026-04-16 14:10
    VLAI
    Title
    Raccoon attack
    Summary
    The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Protocol flaw
    • CWE-203 - Observable Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)
    Create a notification for this product.
    Date Public
    2020-09-09 00:00
    Credits
    Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20200909.txt"
              },
              {
                "name": "USN-4504-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4504-1/"
              },
              {
                "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T14:10:30.475111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T14:10:35.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky"
            }
          ],
          "datePublic": "2020-09-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Low",
                  "value": "Low"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Protocol flaw",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-16T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20200909.txt"
            },
            {
              "name": "USN-4504-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4504-1/"
            },
            {
              "name": "[debian-lts-announce] 20200925 [SECURITY] [DLA 2378-1] openssl1.0 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20200911-0004/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            }
          ],
          "title": "Raccoon attack"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2020-1968",
        "datePublished": "2020-09-09T13:50:12.423Z",
        "dateReserved": "2019-12-03T00:00:00.000Z",
        "dateUpdated": "2026-04-16T14:10:35.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }