CVE-2018-12404MEDIUM
Description
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
http://www.securityfocus.com/bid/107260
https://access.redhat.com/errata/RHSA-2019:2237
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Details
Source: MITRE
Published: 2019-05-02
Updated: 2021-02-12
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 141721 | EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2020-2205) | Nessus | Huawei Local Security Checks | medium |
| 141062 | Debian DLA-2388-1 : nss security update | Nessus | Debian Local Security Checks | critical |
| 140867 | EulerOS 2.0 SP3 : nss (EulerOS-SA-2020-2100) | Nessus | Huawei Local Security Checks | medium |
| 137973 | EulerOS Virtualization 3.0.6.0 : nss-softokn (EulerOS-SA-2020-1754) | Nessus | Huawei Local Security Checks | medium |
| 137937 | EulerOS Virtualization 3.0.6.0 : nss (EulerOS-SA-2020-1718) | Nessus | Huawei Local Security Checks | medium |
| 137493 | EulerOS 2.0 SP2 : nss-softokn (EulerOS-SA-2020-1651) | Nessus | Huawei Local Security Checks | medium |
| 134681 | Amazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355) | Nessus | Amazon Linux Local Security Checks | medium |
| 134541 | EulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252) | Nessus | Huawei Local Security Checks | medium |
| 134503 | EulerOS Virtualization for ARM 64 3.0.2.0 : nss (EulerOS-SA-2020-1214) | Nessus | Huawei Local Security Checks | medium |
| 132493 | NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2019-0236) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131620 | EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467) | Nessus | Huawei Local Security Checks | medium |
| 130883 | EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174) | Nessus | Huawei Local Security Checks | medium |
| 130708 | EulerOS 2.0 SP3 : nss-softokn (EulerOS-SA-2019-2246) | Nessus | Huawei Local Security Checks | medium |
| 129915 | NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0193) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129563 | Amazon Linux 2 : nss (ALAS-2019-1305) | Nessus | Amazon Linux Local Security Checks | medium |
| 129173 | EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979) | Nessus | Huawei Local Security Checks | medium |
| 128378 | CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2019:2237) | Nessus | CentOS Local Security Checks | medium |
| 128243 | Scientific Linux Security Update : nss, nss-softokn, nss-util, and nspr on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127699 | RHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237) | Nessus | Red Hat Local Security Checks | medium |
| 126898 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1758) | Nessus | SuSE Local Security Checks | high |
| 126189 | Photon OS 1.0: Nss PHSA-2019-1.0-0239 | Nessus | PhotonOS Local Security Checks | high |
| 126184 | Photon OS 3.0: Nss PHSA-2019-3.0-0020 | Nessus | PhotonOS Local Security Checks | medium |
| 126182 | Photon OS 2.0: Nss PHSA-2019-2.0-0164 | Nessus | PhotonOS Local Security Checks | medium |
| 123408 | openSUSE Security Update : mozilla-nss (openSUSE-2019-998) | Nessus | SuSE Local Security Checks | medium |
| 123164 | openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039) | Nessus | SuSE Local Security Checks | medium |
| 122604 | Debian DLA-1704-1 : nss security update | Nessus | Debian Local Security Checks | medium |
| 122225 | openSUSE Security Update : mozilla-nss (openSUSE-2019-183) | Nessus | SuSE Local Security Checks | medium |
| 121638 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1) | Nessus | SuSE Local Security Checks | high |
| 121062 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1) | Nessus | Ubuntu Local Security Checks | medium |
| 120683 | Fedora 29 : nss (2018-a78b2ef820) | Nessus | Fedora Local Security Checks | medium |
| 120299 | Fedora 28 : nss (2018-2575edf8d3) | Nessus | Fedora Local Security Checks | medium |
| 120193 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1) | Nessus | SuSE Local Security Checks | high |
| 119948 | openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618) | Nessus | SuSE Local Security Checks | low |
| 119871 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1) | Nessus | SuSE Local Security Checks | high |
| 119670 | openSUSE Security Update : mozilla-nss (openSUSE-2018-1540) | Nessus | SuSE Local Security Checks | medium |
| 119332 | Slackware 14.0 / 14.1 / 14.2 / current : mozilla-nss (SSA:2018-337-01) | Nessus | Slackware Local Security Checks | medium |