vulnerability

Aruba AOS-CX: CVE-2017-6168: Return Of Bleichenbacher's Oracle Threat

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	2022-02-22	2025-02-24	2025-04-03

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

2022-02-22

Added

2025-02-24

Modified

2025-04-03

Description

A vulnerability exists within AOS-CX's cryptographic library that provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is referred to as "ROBOT."

Solution

aruba-aos-cx-cve-2017-6168

References

CVE-2017-6168
https://attackerkb.com/topics/CVE-2017-6168
URL-https://csaf.arubanetworks.com/2022/hpe_aruba_networking_-_2022-004.json

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today