CVE-2017-17841

Published: 10/01/2018 Updated: 17/02/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x prior to 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote malicious users to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Vulnerable Products

paloaltonetworks pan-os 6.1.0

paloaltonetworks pan-os 7.1.4

paloaltonetworks pan-os 7.1.4-h2

paloaltonetworks pan-os 7.1.5

paloaltonetworks pan-os 7.1.6

paloaltonetworks pan-os 7.1.1

paloaltonetworks pan-os 7.1.3

paloaltonetworks pan-os 7.1.7

paloaltonetworks pan-os 7.1.9

paloaltonetworks pan-os 7.1.11

paloaltonetworks pan-os 7.1.12

paloaltonetworks pan-os 7.1.13

paloaltonetworks pan-os 7.1.10

paloaltonetworks pan-os 7.1.0

paloaltonetworks pan-os 7.1.2

paloaltonetworks pan-os 7.1.8

paloaltonetworks pan-os 7.1.14

paloaltonetworks pan-os 8.0.4

paloaltonetworks pan-os 8.0.5

paloaltonetworks pan-os 8.0.6

paloaltonetworks pan-os 8.0.0

paloaltonetworks pan-os 8.0.2

paloaltonetworks pan-os 8.0.1

paloaltonetworks pan-os 8.0.3

Vendor Advisories

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key (PAN-89936 / CVE-2017-17841) ...