CVE-2016-10212 Information
Feb 14, 2021
cve
Description
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/96172
https://github.com/nonce-disrespect/nonce-disrespect
https://support.radware.com/app/answers/answer_view/a_id/18456
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.9
Base Severity
MEDIUM