CVE-2018-12404

MEDIUM

Description

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

http://www.securityfocus.com/bid/107260

https://access.redhat.com/errata/RHSA-2019:2237

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2019-05-02

Updated: 2019-07-20

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (30 total)

ID	Name	Product	Family	Severity
134681	Amazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355)	Nessus	Amazon Linux Local Security Checks	medium
134541	EulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252)	Nessus	Huawei Local Security Checks	medium
134503	EulerOS Virtualization for ARM 64 3.0.2.0 : nss (EulerOS-SA-2020-1214)	Nessus	Huawei Local Security Checks	medium
132493	NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2019-0236)	Nessus	NewStart CGSL Local Security Checks	medium
131620	EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467)	Nessus	Huawei Local Security Checks	medium
130883	EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174)	Nessus	Huawei Local Security Checks	medium
130708	EulerOS 2.0 SP3 : nss-softokn (EulerOS-SA-2019-2246)	Nessus	Huawei Local Security Checks	medium
129915	NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0193)	Nessus	NewStart CGSL Local Security Checks	medium
129563	Amazon Linux 2 : nss (ALAS-2019-1305)	Nessus	Amazon Linux Local Security Checks	medium
129173	EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979)	Nessus	Huawei Local Security Checks	medium
128378	CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2019:2237)	Nessus	CentOS Local Security Checks	medium
128243	Scientific Linux Security Update : nss, nss-softokn, nss-util, and nspr on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	medium
127699	RHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237)	Nessus	Red Hat Local Security Checks	medium
126898	openSUSE Security Update : MozillaFirefox (openSUSE-2019-1758)	Nessus	SuSE Local Security Checks	high
126189	Photon OS 1.0: Nss PHSA-2019-1.0-0239	Nessus	PhotonOS Local Security Checks	high
126184	Photon OS 3.0: Nss PHSA-2019-3.0-0020	Nessus	PhotonOS Local Security Checks	medium
126182	Photon OS 2.0: Nss PHSA-2019-2.0-0164	Nessus	PhotonOS Local Security Checks	medium
123408	openSUSE Security Update : mozilla-nss (openSUSE-2019-998)	Nessus	SuSE Local Security Checks	medium
123164	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)	Nessus	SuSE Local Security Checks	medium
122604	Debian DLA-1704-1 : nss security update	Nessus	Debian Local Security Checks	medium
122225	openSUSE Security Update : mozilla-nss (openSUSE-2019-183)	Nessus	SuSE Local Security Checks	medium
121638	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1)	Nessus	SuSE Local Security Checks	high
121062	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)	Nessus	Ubuntu Local Security Checks	medium
120683	Fedora 29 : nss (2018-a78b2ef820)	Nessus	Fedora Local Security Checks	medium
120299	Fedora 28 : nss (2018-2575edf8d3)	Nessus	Fedora Local Security Checks	medium
120193	SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)	Nessus	SuSE Local Security Checks	high
119948	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)	Nessus	SuSE Local Security Checks	low
119871	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)	Nessus	SuSE Local Security Checks	high
119670	openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)	Nessus	SuSE Local Security Checks	medium
119332	Slackware 14.0 / 14.1 / 14.2 / current : mozilla-nss (SSA:2018-337-01)	Nessus	Slackware Local Security Checks	medium