Vulnerability Description
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radware | Alteon | <= 30.0.5.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96172Third Party AdvisoryVDB Entry
- https://github.com/nonce-disrespect/nonce-disrespectThird Party Advisory
- https://support.radware.com/app/answers/answer_view/a_id/18456Vendor Advisory
- http://www.securityfocus.com/bid/96172Third Party AdvisoryVDB Entry
- https://github.com/nonce-disrespect/nonce-disrespectThird Party Advisory
- https://support.radware.com/app/answers/answer_view/a_id/18456Vendor Advisory
FAQ
What is CVE-2016-10212?
CVE-2016-10212 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-027...
How severe is CVE-2016-10212?
CVE-2016-10212 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10212?
Check the references section above for vendor advisories and patch information. Affected products include: Radware Alteon.