Cavium - Semiconductor Solutions and Server Innovation

Security Advisory

Security Advisory


Severity Moderate
Published 3/5/2018
Modified 3/5/2018

The aforementioned SDK’s of the respective products have been found to be vulnerable to an adaptive chosen cipher attack a.k.a Bleichenbacher or ROBOT attack. The vulnerability makes it possible for remote attackers to decrypt observed TLS cipher text that has been encrypted with RSA cipher.

  • Nitrox
    • Nitrox III using Nitrox SSL SDK 6.1.0 and older
    • Nitrox V using Nitrox V SSL SDK 1.2 and older
    • Microcodes are not impacted

  • Nitrox XL FIPS products:
    • CN16xx-NFBE using TurboSSL SDK 2.2 and older

  • N3FIPS based FIPS products
    • CNN35xx-NFBE, CNL35xx-NFBE, CNL35xx-APL using TurboSSL SDK 1.0 and older
    • NITROX FIPS CN16xx-NFBE : FW 1.1, 1.2 and 2.1
    • All N3FIPS firmware versions (1.x, 2.x) and NGFIPS 2.2.x have the timing attack fixes

  • Octeon
    • OCTEON CN3xxx and OCTEON Plus CN5xxx processors using SDK 1.7.2 or earlier and also using SSL 1.5.0 or earlier are affected
    • OCTEON CN3xxx and OCTEON Plus CN5xxx processors running SDK 2.x or 3.x are unaffected 
    • All OCTEON II CN6xxx and OCTEON III CN7xxx are unaffected

Contact Details

Cavium, Inc.
2315 N.First Street, San Jose, CA 95131

P: +1-408-943-7100