CVE-2020-1968

CVSS V2: Medium (4.3), CVSS V3: Low (3.7)
Description
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Overview
  • CVE ID: CVE-2020-1968
  • Assigner: openssl-security@openssl.org
  • Vulnerability Status: Analyzed
  • Published Date: 2020-09-09T14:15:12
  • Last Modified Date: 2022-11-21T19:48:16
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 1 OR 1.0.2 1.0.2v
AND
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* 1 OR
AND
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:oracle:ethernet_switch_es2-64:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:oracle:ethernet_switch_es2-72:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:* 1 OR xcp2400
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:* 1 OR xcp3100
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:oracle:ethernet_switch_es1-24:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:oracle:ethernet_switch_tor-72:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Base Score: 4.3
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 2.9
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Availability Impact: NONE
  • Base Score: 3.7
  • Base Severity: LOW
  • Exploitability Score: 2.2
  • Impact Score: 1.4
History
Created Old Value New Value Data Type Notes
2022-04-20 16:59:54 Added to TrackCVE
2022-12-04 22:14:33 2020-09-09T14:15Z 2020-09-09T14:15:12 CVE Published Date updated
2022-12-04 22:14:33 2022-11-21T19:48:16 CVE Modified Date updated
2022-12-04 22:14:33 Analyzed Vulnerability Status updated
2022-12-04 22:14:39 References updated