Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Title: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
Name: cisco-sa-20171212-bleichenbacher
Vendor: Cisco
First vendor publication: 2017-12-12
Last vendor modification: 2017-12-12
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS base score: 7.1
CVSS impact score: 6.9
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required


On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange.

An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.

To exploit this vulnerability, an attacker must be able to perform both of the following actions:

  • Capture traffic between clients and the affected TLS server.
  • Actively establish a considerable number of TLS connections to the vulnerable server. The actual number of connections required varies with the implementation-specific vulnerabilities, and could range from hundreds of thousands to millions of connections.

Multiple Cisco products are affected by this vulnerability.

There may be workarounds available for selected products.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher



Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-327 Use of a Broken or Risky Cryptographic Algorithm (CWE/SANS Top 25)
50 % CWE-203 Information Exposure Through Discrepancy

CPE : Common Platform Enumeration

Application 1
Application 2
Os 1
Os 1
Os 1
Os 1
Os 1

Snort® IPS/IDS

Date Description
2018-04-05 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45830 - Revision : 1 - Type : SERVER-OTHER
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45201 - Revision : 2 - Type : SERVER-OTHER
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45200 - Revision : 2 - Type : SERVER-OTHER
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45199 - Revision : 2 - Type : SERVER-OTHER
2017-12-13 Cisco Application Control Engine padding oracle attack attempt
RuleID : 45120 - Revision : 1 - Type : SERVER-OTHER

Alert History

Date Informations
2018-03-29 17:21:19
  • Multiple Updates
2018-03-05 21:22:56
  • Multiple Updates
2018-01-04 21:23:56
  • Multiple Updates
2017-12-12 17:21:25
  • First insertion