SSLVPN Client Timing Attack Risks
Vulnerability details
A timing-based attack exists in the OpenSSL RSA decryption.
Impacted products
Products | Severity | Detail |
SSL VPN Client
|
medium |
SSL VPN Cient is impacted |
Revisions
Version |
Date |
Description |
v1 |
01/25/2023 |
Initial release |
SSL VPN Client |
CVSS v3.1 Overall Score: 6.2 
|
Analysis
|
Impacted version
|
A timing-based attack may be possible under certain circumstance for an attacker to achieve a successful decryption.
|
- SSLVPN Client prior to 3.2.1
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The 3.2.1 update fix this vulnerability.
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
High |
None |
Required |
Unchanged |
High |
None |
None |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |