CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Published: 2013-10-11 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2007-6755 is rated Moderate Risk (47.1/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.41%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-6755

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-16 1.63% 1.41% -0.23%
2 2026-06-15 0.33% 1.63% +1.30%
3 2025-11-09 0.33%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-6755

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 4.9 [email protected]

Weakness enumeration for CVE-2007-6755

OS Trackers for CVE-2007-6755

vendor priority summary link
debian unimportant CVE-2007-6755 unimportant priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2007-6755
redhat medium https://access.redhat.com/security/cve/CVE-2007-6755
ubuntu low CVE-2007-6755 low priority: Ubuntu including 10 source packages (bouncycastle, gnutls26, …), 155 status rows across 16 suites (artful, bionic, cosmic, lucid, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 79, DNE 38, ignored 31, needs-triage 7. https://ubuntu.com/security/CVE-2007-6755

Affected software / configurations for CVE-2007-6755

Vendor Product Version Raw CPE
dell bsafe_crypto-c-micro-edition >= 3.0.0.0, <= 3.0.0.20 cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*
dell bsafe_crypto-j 5.0 cpe:2.3:a:dell:bsafe_crypto-j:5.0:*:*:*:*:*:*:*
dell bsafe_crypto-j 5.0.1 cpe:2.3:a:dell:bsafe_crypto-j:5.0.1:*:*:*:*:*:*:*

References for CVE-2007-6755

cvelogic Threat Intelligence