virus logo FortiClient Vulnerability

OpenSSL CVE-2016-0702 Information Disclosure Vulnerability

description-logoDescription

Severity: LowA side-channel attack was found which makes use of cache-bank conflicts on theIntel Sandy-Bridge microarchitecture which could lead to the recovery of RSAkeys. The ability to exploit this issue is limited as it relies on an attackerwho has control of code in a thread running on the same hyper-threaded core asthe victim thread which is performing decryptions.This issue affects OpenSSL versions 1.0.2 and 1.0.1.OpenSSL 1.0.2 users should upgrade to 1.0.2gOpenSSL 1.0.1 users should upgrade to 1.0.1sThis issue was reported to OpenSSL on Jan 8th 2016 by Yuval Yarom, TheUniversity of Adelaide and NICTA, Daniel Genkin, Technion and Tel AvivUniversity, and Nadia Heninger, University of Pennsylvania with moreinformation at http://cachebleed.info. The fix was developed by Andy Polyakovof OpenSSL.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2016-0702

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39853
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL