Vulnerabilities > CVE-2017-18268 - Information Exposure Through Discrepancy vulnerability in Broadcom Symantec Intelligencecenter 3.3

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

broadcom

CWE-203

NVD

Published: 2018-05-17

Updated: 2021-09-09

Summary

Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Symantec Intelligencecenter 3.3	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.symantec.com/security-center/network-protection-security-advisories/SA160
http://www.securityfocus.com/bid/104164