CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.3%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

Products affected by CVE-2020-1968

Openssl » Openssl » Version: 1.0.2

cpe:2.3:a:openssl:openssl:1.0.2
Openssl » Openssl » Version: 1.0.2a

cpe:2.3:a:openssl:openssl:1.0.2a
Openssl » Openssl » Version: 1.0.2b

cpe:2.3:a:openssl:openssl:1.0.2b
Openssl » Openssl » Version: 1.0.2c

cpe:2.3:a:openssl:openssl:1.0.2c
Openssl » Openssl » Version: 1.0.2d

cpe:2.3:a:openssl:openssl:1.0.2d
Openssl » Openssl » Version: 1.0.2e

cpe:2.3:a:openssl:openssl:1.0.2e
Openssl » Openssl » Version: 1.0.2f

cpe:2.3:a:openssl:openssl:1.0.2f
Openssl » Openssl » Version: 1.0.2g

cpe:2.3:a:openssl:openssl:1.0.2g
Openssl » Openssl » Version: 1.0.2h

cpe:2.3:a:openssl:openssl:1.0.2h
Openssl » Openssl » Version: 1.0.2i

cpe:2.3:a:openssl:openssl:1.0.2i
Openssl » Openssl » Version: 1.0.2j

cpe:2.3:a:openssl:openssl:1.0.2j
Openssl » Openssl » Version: 1.0.2k

cpe:2.3:a:openssl:openssl:1.0.2k
Openssl » Openssl » Version: 1.0.2l

cpe:2.3:a:openssl:openssl:1.0.2l
Openssl » Openssl » Version: 1.0.2m

cpe:2.3:a:openssl:openssl:1.0.2m
Openssl » Openssl » Version: 1.0.2n

cpe:2.3:a:openssl:openssl:1.0.2n
Openssl » Openssl » Version: 1.0.2o

cpe:2.3:a:openssl:openssl:1.0.2o
Openssl » Openssl » Version: 1.0.2p

cpe:2.3:a:openssl:openssl:1.0.2p
Openssl » Openssl » Version: 1.0.2q

cpe:2.3:a:openssl:openssl:1.0.2q
Openssl » Openssl » Version: 1.0.2r

cpe:2.3:a:openssl:openssl:1.0.2r
Openssl » Openssl » Version: 1.0.2s

cpe:2.3:a:openssl:openssl:1.0.2s
Openssl » Openssl » Version: 1.0.2t

cpe:2.3:a:openssl:openssl:1.0.2t
Openssl » Openssl » Version: 1.0.2u

cpe:2.3:a:openssl:openssl:1.0.2u
Openssl » Openssl » Version: 1.0.2v

cpe:2.3:a:openssl:openssl:1.0.2v
Oracle » Jd Edwards World Security » Version: a9.4

cpe:2.3:a:oracle:jd_edwards_world_security:a9.4
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.56

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.57

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.58

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
Fujitsu » M10-1 » Version: N/A

cpe:2.3:h:fujitsu:m10-1:-
Fujitsu » M10-4 » Version: N/A

cpe:2.3:h:fujitsu:m10-4:-
Fujitsu » M10-4s » Version: N/A

cpe:2.3:h:fujitsu:m10-4s:-
Fujitsu » M12-1 » Version: N/A

cpe:2.3:h:fujitsu:m12-1:-
Fujitsu » M12-2 » Version: N/A

cpe:2.3:h:fujitsu:m12-2:-
Fujitsu » M12-2s » Version: N/A

cpe:2.3:h:fujitsu:m12-2s:-
Oracle » Ethernet Switch Es1-24 » Version: N/A

cpe:2.3:h:oracle:ethernet_switch_es1-24:-
Oracle » Ethernet Switch Es2-64 » Version: N/A

cpe:2.3:h:oracle:ethernet_switch_es2-64:-
Oracle » Ethernet Switch Es2-72 » Version: N/A

cpe:2.3:h:oracle:ethernet_switch_es2-72:-
Oracle » Ethernet Switch Tor-72 » Version: N/A

cpe:2.3:h:oracle:ethernet_switch_tor-72:-
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Fujitsu » M10-1 Firmware » Version: N/A

cpe:2.3:o:fujitsu:m10-1_firmware:-
Fujitsu » M10-1 Firmware » Version: xcp

cpe:2.3:o:fujitsu:m10-1_firmware:xcp
Fujitsu » M10-1 Firmware » Version: xcp2280

cpe:2.3:o:fujitsu:m10-1_firmware:xcp2280
Fujitsu » M10-1 Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m10-1_firmware:xcp2361
Fujitsu » M10-1 Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m10-1_firmware:xcp2400
Fujitsu » M10-1 Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m10-1_firmware:xcp2410
Fujitsu » M10-1 Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m10-1_firmware:xcp3070
Fujitsu » M10-4 Firmware » Version: N/A

cpe:2.3:o:fujitsu:m10-4_firmware:-
Fujitsu » M10-4 Firmware » Version: xcp

cpe:2.3:o:fujitsu:m10-4_firmware:xcp
Fujitsu » M10-4 Firmware » Version: xcp2280

cpe:2.3:o:fujitsu:m10-4_firmware:xcp2280
Fujitsu » M10-4 Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m10-4_firmware:xcp2361
Fujitsu » M10-4 Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m10-4_firmware:xcp2400
Fujitsu » M10-4 Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m10-4_firmware:xcp2410
Fujitsu » M10-4 Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m10-4_firmware:xcp3070
Fujitsu » M10-4s Firmware » Version: N/A

cpe:2.3:o:fujitsu:m10-4s_firmware:-
Fujitsu » M10-4s Firmware » Version: xcp

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp
Fujitsu » M10-4s Firmware » Version: xcp2280

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2280
Fujitsu » M10-4s Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2361
Fujitsu » M10-4s Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2400
Fujitsu » M10-4s Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2410
Fujitsu » M10-4s Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m10-4s_firmware:xcp3070
Fujitsu » M12-1 Firmware » Version: N/A

cpe:2.3:o:fujitsu:m12-1_firmware:-
Fujitsu » M12-1 Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m12-1_firmware:xcp2361
Fujitsu » M12-1 Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m12-1_firmware:xcp2400
Fujitsu » M12-1 Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m12-1_firmware:xcp2410
Fujitsu » M12-1 Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m12-1_firmware:xcp3070
Fujitsu » M12-1 Firmware » Version: xcp3090

cpe:2.3:o:fujitsu:m12-1_firmware:xcp3090
Fujitsu » M12-2 Firmware » Version: N/A

cpe:2.3:o:fujitsu:m12-2_firmware:-
Fujitsu » M12-2 Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m12-2_firmware:xcp2361
Fujitsu » M12-2 Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m12-2_firmware:xcp2400
Fujitsu » M12-2 Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m12-2_firmware:xcp2410
Fujitsu » M12-2 Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m12-2_firmware:xcp3070
Fujitsu » M12-2 Firmware » Version: xcp3090

cpe:2.3:o:fujitsu:m12-2_firmware:xcp3090
Fujitsu » M12-2s Firmware » Version: N/A

cpe:2.3:o:fujitsu:m12-2s_firmware:-
Fujitsu » M12-2s Firmware » Version: xcp2361

cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2361
Fujitsu » M12-2s Firmware » Version: xcp2400

cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2400
Fujitsu » M12-2s Firmware » Version: xcp2410

cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2410
Fujitsu » M12-2s Firmware » Version: xcp3070

cpe:2.3:o:fujitsu:m12-2s_firmware:xcp3070
Fujitsu » M12-2s Firmware » Version: xcp3090

cpe:2.3:o:fujitsu:m12-2s_firmware:xcp3090
Oracle » Ethernet Switch Es1-24 Firmware » Version: 1.3.1

cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1
Oracle » Ethernet Switch Es2-64 Firmware » Version: 2.0.0.14

cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14
Oracle » Ethernet Switch Es2-72 Firmware » Version: 2.0.0.14

cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14
Oracle » Ethernet Switch Tor-72 Firmware » Version: 1.2.2

cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-1968

Products

Pricing

Contact Us