Security Bulletin — ROBOT Vulnerability
Summary
Avi Vantage is not vulnerable to the ROBOT attack, a variant of the adaptive chosen-ciphertext attack also known as the Bleichenbacher attack. ROBOT targets weak implementations of the RSA key exchange protocol.
Details
- The OpenSSL packaged with Avi Vantage versions 16.2.1 and newer includes neither the SSLv2 protocol nor weak ciphers with SSLv3, which are vulnerable to the ROBOT attack. Hence, Avi Vantage 16.2.1 and newer releases are not vulnerable to the ROBOT attack.
- For Avi Vantage versions prior to 16.2.1, the SSLv2 protocol and weak ciphers with SSLv3 are disabled by default in the packaged OpenSSL libraries, so even the older versions are not vulnerable to the ROBOT attack in their default configuration.
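For deployments that no longer run the default cipher configuration, the following is an added example (not part of the bulletin and not Avi code) that audits a cipher listing in the `openssl ciphers -v` column format and reports every suite relying on RSA key exchange, the mechanism the summary says ROBOT targets. It goes slightly beyond the bulletin by flagging such suites regardless of protocol version; the sample listing is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`.
SAMPLE_LISTING = """\
TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-GCM-SHA384           TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA      Au=RSA  Enc=AES(128)    Mac=SHA1
EXP-RC4-MD5                 SSLv3   Kx=RSA(512) Au=RSA  Enc=RC4(40)     Mac=MD5 export
DHE-RSA-AES256-SHA          SSLv3   Kx=DH       Au=RSA  Enc=AES(256)    Mac=SHA1
"""

# name, protocol column, key-exchange column; the remaining columns are ignored.
LINE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)")

# Key exchanges in which the client encrypts the premaster secret to the
# server's RSA key. RSAPSK (RFC 4279) does this as well.
RSA_KEY_TRANSPORT = {"RSA", "RSAPSK"}


def parse_listing(text):
    """Return (name, proto, kx) for every well-formed line of the listing."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # blank line, error text, or a different format
        # Export suites print a key size, e.g. "RSA(512)"; keep the algorithm.
        kx = match.group("kx").split("(", 1)[0]
        rows.append((match.group("name"), match.group("proto"), kx))
    return rows


def rsa_key_exchange_suites(text):
    """Suites that rely on RSA key exchange, with their protocol column."""
    return [(n, p) for n, p, kx in parse_listing(text) if kx in RSA_KEY_TRANSPORT]


def report(text):
    flagged = rsa_key_exchange_suites(text)
    if not flagged:
        return "no RSA key exchange suites offered"
    lines = [f"{name} ({proto})" for name, proto in flagged]
    return "RSA key exchange suites offered:\n  " + "\n  ".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LISTING))
```

To audit a real configuration, pass the function the output of `openssl ciphers -v` run with your own cipher string instead of the constructed sample.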
References
- CVE-2017-6168 — NIST National Vulnerability Database
- CVE-2017-6168 — CERT Vulnerability Notes Database