CVE-2016-10212

MEDIUM

Radware Alteon < 30.0.5.10 - Information Disclosure

Title source: rule

Description

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96172

[Third Party Advisory] https://github.com/nonce-disrespect/nonce-disrespect

View Writeup ZIP pw:eip

[Vendor Advisory] https://support.radware.com/app/answers/answer_view/a_id/18456

Scores

CVSS v3 5.9

EPSS 0.0114

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

radware/alteon < 30.0.5.10

n/a/n/a

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026