—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

Advisory ID: cisco-sa-20171212-bleichenbacher

Revision: 1.0

For Public Release: 2017 December 12 15:45 GMT

Last Updated: 2017 December 12 15:45 GMT

CVE ID(s): CVE-2017-17428

CVSS Score v(3): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+———————————————————————

Summary
=======
On December 12, 2017, a research paper with the title Return of Bleichenbacher’s Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange.

An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.

To exploit this vulnerability, an attacker must be able to perform both of the following actions:

Capture traffic between clients and the affected TLS server.
Actively establish a considerable number of TLS connections to the vulnerable server. The actual number of connections required varies with the implementation-specific vulnerabilities, and could range from hundreds of thousands to millions of connections.
Multiple Cisco products are affected by this vulnerability.

There may be workarounds available for selected products.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJaL/wEZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlK6BAAsSsjgdaWi1bKYp1k
azjE40r91q/TwybCDo8uEhkjVp2GxTSVEbpjBn+xqpMWmSQr311uBe646XOzsv3e
pjmCW815IljoiIY2LtjGcnznCHCa5ElK4R9iD2fS9CNz60lajdp5vnskb4m9Q7nL
5PKWtYCDNmbykZEMeIxUPKhSg3kbH2IqeBB7QPaQfktnik5C4sR/MOAylE3k8o9e
L2+By023eZcwTUFl0i8Ml6fqmEPK+25wt8kAIXUmNVEIK+KpSfOz39IYPM2wWoFL
HgnfD/JWyBweectFS//tCWpkRGILX6zlDfYg97kknWa6JfMr7v1cfm7ILE5/bZdl
N8YJC292ruebCrKPsunBJEM8pSqc+J7SlD/zLeOFY/OTHZagdto2Qep+gyHdphFR
oyyiJzHyGcSPDvh8BWFTGuzIZxu3dVGoUT/w4iVcii1eGDspzhf9Aelme0iit/Dd
CR3e6LaQyXwcuZr7bxVoKp9a5Wv+TZsbhS52Mdq10x48PLUEybEbrZYDvlGE9fEL
STv0G4C8VCTYKHtMAeB05zGaX7B/lKeN6xCRKY7ful87TJhMQ5kvnjqIR7DgzSee
YJraDy1Lm8+6oifp62LABT/IdZoa4y29HPcJIcc3t16vWdmJuxq8RfGRlK2oyxL9
zOlqM9DiZ+rhXkHqoT9vTxth4oA=
=m1yY
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com