Cisco: CISCO-SA-20171212-BLEICHENBACHER
Dec 12, 2017 - 3:45 p.m.

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

2017-12-12 15:45:00
tools.cisco.com
243

EPSS: 0.003 (Low), percentile 69.6%

On December 12, 2017, a research paper with the title Return of Bleichenbacher’s Oracle Threat was made publicly available. This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbacher attack on RSA key exchange. Multiple vulnerabilities were identified based on this research.

An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.

To exploit these vulnerabilities, an attacker must be able to perform both of the following actions:

- Capture traffic between clients and the affected TLS server.
- Actively establish a considerable number of TLS connections to the vulnerable server. The actual number of connections required varies with the implementation-specific vulnerabilities, and could range from hundreds of thousands to millions of connections.

Multiple Cisco products are affected by these vulnerabilities.

Cisco has released software updates that address some of these vulnerabilities.

There may be workarounds available for selected products.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
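
The attack variants described above target RSA key exchange, so a useful check on any TLS endpoint is whether its enabled cipher list still contains suites that use it. The following Python sketch is an added example, not part of the Cisco advisory; it assumes the input is an expanded, colon-separated list of suite names (OpenSSL or IANA naming, as printed by `openssl ciphers`), and the function names and sample list are constructed for illustration.

```python
# Added example: flag cipher suites whose key exchange is RSA encryption of the
# premaster secret, the mode the Bleichenbacher variants target.
# Heuristic based on suite naming; unknown names without a key-exchange prefix
# are treated as RSA key exchange, matching OpenSSL's naming convention.

# OpenSSL-style names carry an explicit prefix for every non-RSA key exchange.
NON_RSA_KX_PREFIXES = (
    "ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-", "AECDH-",
    "PSK-", "SRP-", "KRB5-", "GOST",
)
# IANA-style key-exchange fields that RSA-encrypt the premaster secret.
IANA_RSA_KX = {"RSA", "RSA_EXPORT", "RSA_PSK"}


def uses_rsa_key_exchange(suite):
    """Return True if the named suite uses RSA key exchange."""
    name = suite.strip().upper()
    if name.startswith(("TLS_", "SSL_")):
        if "_WITH_" not in name:
            return False  # TLS 1.3 suite name: no RSA key exchange exists
        kx = name.split("_WITH_", 1)[0].split("_", 1)[1]
        return kx in IANA_RSA_KX
    if name.startswith("EXP-"):
        name = name[4:]  # export marker precedes the key-exchange prefix
    if name.startswith("RSA-PSK-"):
        return True  # RSA_PSK also RSA-encrypts the premaster secret
    return not name.startswith(NON_RSA_KX_PREFIXES)


def audit(cipher_list):
    """Return the suites in a colon-separated list that use RSA key exchange."""
    return [s.strip() for s in cipher_list.split(":")
            if s.strip() and uses_rsa_key_exchange(s)]


# Constructed sample input, not taken from any real device.
SAMPLE = (
    "TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:"
    "DHE-RSA-AES256-SHA:DES-CBC3-SHA:RSA-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA:"
    "EXP-EDH-RSA-DES-CBC-SHA:TLS_RSA_WITH_AES_128_CBC_SHA:"
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
)

if __name__ == "__main__":
    for suite in audit(SAMPLE):
        print("RSA key exchange:", suite)
```

Suites such as `ECDHE-RSA-*` use RSA only for authentication and are not flagged; only suites where the client RSA-encrypts the premaster secret are reported.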

Affected configurations

Vulners Node (entries combined with OR):

cisco application_visibility_and_control, Match: any
cisco adaptive_security_virtual_appliance, Match: any
cisco ace_application_control_engine_module_a1, Match: any
cisco ace_application_control_engine_module_a1, Match: 4700_series_application_control_engine_appliances
cisco webex_connect_im, Match: any
cisco webex_event_center, Match: any
cisco webex_meeting_center, Match: any
cisco webex_support_center, Match: any
cisco webex_training_center, Match: any
cisco webex_meetings, Match: any
