PatchSiren cyber security CVE debrief
CVE-2016-10212 Radware CVE debrief
CVE-2016-10212 is a cryptographic weakness in Radware devices where the first two GCM nonces share the same value. NVD says this can let a remote attacker obtain the authentication key and spoof data via a "forbidden attack," with a possible connection to a third-party Cavium product. The issue was published by NVD on 2017-02-08 and later modified on 2026-05-13; those dates describe record lifecycle, not when the flaw first existed. NVD rates the impact as medium severity, with confidentiality impact but no integrity or availability impact in the CVSS vector.
- Vendor: Radware
- Product: CVE-2016-10212
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-08
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-08
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for Radware Alteon deployments should care, especially where exposed network services depend on GCM-based cryptography. Any environment running affected Alteon versions listed by NVD should be prioritized for review and remediation.
Technical summary
NVD describes a nonce-reuse problem in GCM: the first two nonces use the same value. In authenticated encryption modes like GCM, every nonce used under a given key must be unique. Reuse can expose the authentication key and enable spoofing of data, the attack NVD calls a "forbidden attack." The affected CPE entries in NVD list Radware Alteon versions up to 30.0.5.10 and 30.2.1.1.
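An added example (not from NVD, Radware or this page's sources) of checking one direction of a captured session for the repeated-nonce pattern described above. It assumes the GCM traffic is TLS 1.2 AES-GCM, where each encrypted record begins with an 8-byte explicit nonce; the function names and the sample bytes are constructed for illustration.

```python
import struct

CHANGE_CIPHER_SPEC = 20
EXPLICIT_NONCE_LEN = 8   # explicit nonce carried in each TLS 1.2 AES-GCM record (RFC 5288)
TAG_LEN = 16

def iter_records(stream):
    """Yield (content_type, payload) for each complete TLS record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5 : off + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop instead of guessing
        yield ctype, payload
        off += 5 + length

def find_repeated_nonces(stream):
    """Return (first_index, repeat_index, nonce_hex) for each reused explicit nonce."""
    seen, repeats, encrypted, index = {}, [], False, 0
    for ctype, payload in iter_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted, seen, index = True, {}, 0  # new keys follow; restart tracking
            continue
        if not encrypted or len(payload) < EXPLICIT_NONCE_LEN + TAG_LEN:
            continue
        nonce = payload[:EXPLICIT_NONCE_LEN]
        if nonce in seen:
            repeats.append((seen[nonce], index, nonce.hex()))
        else:
            seen[nonce] = index
        index += 1
    return repeats

def record(ctype, payload):
    """Build a TLS 1.2 record (constructed test data, not captured traffic)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def sample_stream(nonces):
    """Constructed server-side stream: plaintext handshake, CCS, then GCM records."""
    body = b"\xaa" * 16 + b"\xbb" * TAG_LEN  # placeholder ciphertext and tag
    out = record(22, b"\x02\x00\x00\x00") + record(CHANGE_CIPHER_SPEC, b"\x01")
    out += record(22, nonces[0].to_bytes(8, "big") + body)  # encrypted Finished
    for n in nonces[1:]:
        out += record(23, n.to_bytes(8, "big") + body)      # application data
    return out

if __name__ == "__main__":
    print("flawed :", find_repeated_nonces(sample_stream([0, 0, 1])))
    print("correct:", find_repeated_nonces(sample_stream([0, 1, 2])))
```

Indexes count encrypted records after ChangeCipherSpec, so a result of (0, 1, ...) means the first two protected records shared a nonce, which is the condition the NVD record describes.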
Defensive priority
Medium. The CVSS 3.0 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, which indicates remote attack potential with high complexity and confidentiality impact only. Treat as a patch-and-verify issue for exposed Radware Alteon systems rather than an emergency exploitation event.
Recommended defensive actions
- Identify all Radware Alteon systems in your environment and compare them against the affected NVD version ranges.
- Review the Radware vendor advisory for product-specific remediation guidance and apply the recommended update or workaround.
- Prioritize remediation for internet-facing or otherwise externally reachable Alteon deployments.
- Validate that post-remediation versions are outside the affected ranges listed by NVD.
- Record the issue in your crypto-configuration or appliance hardening review to prevent similar nonce-reuse problems from recurring.
Evidence notes
This debrief is based only on the provided NVD record and linked references. The source data states that Radware devices used the same value for the first two GCM nonces and that this may be related to a third-party Cavium product. NVD lists affected Radware Alteon CPE criteria ending at 30.0.5.10 and 30.2.1.1. PublishedAt is 2017-02-08T16:59:00.180Z; ModifiedAt is 2026-05-13T00:24:29.033Z.
Official resources
- CVE-2016-10212 CVE record (CVE.org)
- CVE-2016-10212 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Third Party Advisory
- Mitigation or vendor reference: Vendor Advisory
CVE published by NVD on 2017-02-08 and later modified on 2026-05-13. The provided record does not include a public exploit timeline or KEV listing.