Vulnerability Name:

CVE-2016-0887 (CCN-112094)

Assigned: 2015-12-17
Published: 2016-04-11
Updated: 2021-12-09
Summary: EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References: Source: MITRE
Type: CNA
CVE-2016-0887

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability

Source: CCN
Type: EMC Security Advisory ESA-2016-013
RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1035515

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1035516

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1035517

Source: XF
Type: UNKNOWN
rsa-bsafe-cve20160887-info-disc(112094)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:* (Version >= 4.0 and <= 4.0.5.3)
  • OR cpe:/a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:* (Version < 6.2.1)
  • OR cpe:/a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* (Version < 6.2.1)
  • OR cpe:/a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.0.11)
  • OR cpe:/a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:* (Version >= 4.1.0 and < 4.1.5)
  • OR cpe:/a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:* (Version >= 4.1 and <= 4.1.2)
  • OR cpe:/a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:* (Version < 2.8.9)

Configuration CCN 1:
  • cpe:/a:emc:rsa_bsafe_ssl-j:6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_bsafe_ssl-c:2.8.9:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_bsafe:4.0.7:*:*:*:micro_edition_suite:*:*:*
  • OR cpe:/a:emc:rsa_bsafe:4.1.2:*:*:*:micro_edition_suite:*:*:*

  • * Denotes that component is vulnerable
    dell bsafe crypto-c-micro-edition *
    dell bsafe crypto-j *
    dell bsafe ssl-j *
    dell bsafe micro-edition-suite *
    dell bsafe micro-edition-suite *
    dell bsafe crypto-c-micro-edition *
    dell bsafe ssl-c *
    emc rsa bsafe ssl-j 6.1.2
    emc rsa bsafe ssl-c 2.8.9
    emc rsa bsafe 4.0.7
    emc rsa bsafe 4.1.2