CVE: CVE-2017-9267

Export to Word

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00748
Percentile: 0.72124

CVSS Scoring

CVSS v3.0 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-757 : Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

All CAPEC(s)

CAPEC-220: Client-Server Protocol Manipulation
CAPEC-606: Weakening of Cellular Encryption
CAPEC-620: Drop Encryption Level

CAPEC(s) with Mapped TTPs

CAPEC-620: Drop Encryption Level
Mapped TTPs:
- T1600 : Weaken Encryption

Mapped ATT&CK TTPs

T1600 : Weaken Encryption
Kill Chain: defense-evasion

Affected Products

cpe:2.3:a:novell:edirectory:*:*:*:*:*:*:*:*

← Back to Home