Low severity3.7NVD Advisory· Published Sep 9, 2020· Updated Apr 16, 2026

CVE-2020-1968

Description

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Affected products

OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: >=1.0.2,<=1.0.2v
Canonical (company)/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Oracle Corporation/Jd Edwards World Security
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
Oracle Corporation/Peoplesoft Enterprise Peopletools3 versions
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Oracle Corporation/Ethernet Switch Es2 64 Firmware
cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14:*:*:*:*:*:*:*
Oracle Corporation/Ethernet Switch Es2 72 Firmware
cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14:*:*:*:*:*:*:*
Fujitsu/M10 1 Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Fujitsu/M10 4 Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Fujitsu/M10 4s Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Fujitsu/M12 1 Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Fujitsu/M12 2 Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Fujitsu/M12 2s Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2400
Oracle Corporation/Ethernet Switch Es1 24 Firmware
cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1:*:*:*:*:*:*:*
Oracle Corporation/Ethernet Switch Tor 72 Firmware
cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party Advisory
lists.debian.org/debian-lts-announce/2020/09/msg00016.htmlnvdMailing ListThird Party Advisory
security.gentoo.org/glsa/202210-02nvdThird Party Advisory
security.netapp.com/advisory/ntap-20200911-0004/nvdThird Party Advisory
usn.ubuntu.com/4504-1/nvdThird Party Advisory
www.openssl.org/news/secadv/20200909.txtnvdVendor Advisory
www.oracle.com/security-alerts/cpujan2021.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000