Cisco: CISCO-SA-20091105-CVE-2009-3555
History: Nov 05, 2009 - 7:53 p.m.

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

2009-11-05 19:53:52
tools.cisco.com

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS: 0.003
Percentile: 69.4%

Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.

The vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.

Proof-of-concept code that exploits this vulnerability is publicly available.

OpenSSL has confirmed this vulnerability in a changelog and released updated software.

To exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user's system. Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.

This vulnerability is likely to affect multiple implementations of TLS.

Affected configurations

