The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fujitsu
  • M10-1
  • M10-1 Firmware
  • M10-4
  • M10-4 Firmware
  • M10-4s
  • M10-4s Firmware
  • M12-1
  • M12-1 Firmware
  • M12-2
  • M12-2 Firmware
  • M12-2s
  • M12-2s Firmware
Openssl
  • Openssl
Oracle
  • Ethernet Switch Es1-24
  • Ethernet Switch Es1-24 Firmware
  • Ethernet Switch Es2-64
  • Ethernet Switch Es2-64 Firmware
  • Ethernet Switch Es2-72
  • Ethernet Switch Es2-72 Firmware
  • Ethernet Switch Tor-72
  • Ethernet Switch Tor-72 Firmware
  • Jd Edwards World Security
  • Peoplesoft Enterprise Peopletools

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:oracle:ethernet_switch_es2-64:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:oracle:ethernet_switch_es2-72:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_es1-24:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2:*:*:*:*:*:*:*
cpe:2.3:h:oracle:ethernet_switch_tor-72:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-1968 cve-icon
https://raccoon-attack.com/RacoonAttack.pdf cve-icon
https://security.gentoo.org/glsa/202210-02 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20200911-0004/ cve-icon cve-icon
https://usn.ubuntu.com/4504-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-1968 cve-icon
https://www.openssl.org/news/secadv/20200909.txt cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2020-09-09T13:50:12.423004Z

Updated: 2024-09-16T19:50:54.434Z

Reserved: 2019-12-03T00:00:00

Link: CVE-2020-1968

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-09-09T14:15:12.507

Modified: 2022-11-21T19:48:16.117

Link: CVE-2020-1968

cve-icon Redhat

Severity : Low

Publid Date: 2020-09-09T00:00:00Z

Links: CVE-2020-1968 - Bugzilla