Ericsson accelerates 5G for Enterprise with the acquisition of Cradlepoint Read More

CPSEC-9: OpenSSL vulnerable to DROWN attack

October 19, 2018

Summary: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products and required a server to send a ServerVerify message before establishing the client possesses certain plaintext RSA data. This action makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a “DROWN” attack. Cradlepoint routers were not affected by this vulnerability (CVE-2016-0800).

Mitigation: Update firmware to version 6.1.0 or newer as part of the normal maintenance schedule.

CVE-2016-0800 NIST/NVD Detail