SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco Application Control Engine
Vendors:   Cisco
Cisco Application Control Engine TLS Side Channel Leakage Flaw Lets Remote Users Decrypt TLS Session Data
SecurityTracker Alert ID:  1039984
SecurityTracker URL:  http://securitytracker.com/id/1039984
CVE Reference:   CVE-2017-17428
Updated:  Dec 12 2017
Original Entry Date:  Dec 12 2017
Impact:   Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 4710; ACE30 module
Description:   A vulnerability was reported in Cisco Application Control Engine. A remote user can decrypt data in certain cases.

A remote user who can monitor TLS session data between the target client and target server, and who can establish a large number of TLS connections with the target server, can conduct a modified version of the Bleichenbacher chosen-ciphertext attack against RSA PKCS#1 v1.5 encryption block formatting to decrypt the data.

Cipher suites that use RSA for key exchange are affected.
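
An added example, not part of the SecurityTracker entry or the vendor advisory: a small Python audit that sorts a list of enabled cipher suites into those that use RSA key exchange (the affected class named above) and those that do not. It accepts IANA suite names or lines of `openssl ciphers -v` output; the function names and the sample list are constructed for illustration.

```python
import re

# Kx= values OpenSSL prints when the client RSA-encrypts the premaster
# secret (PKCS#1 v1.5), i.e. RSA key exchange.
RSA_KX_VALUES = {"RSA", "RSAPSK"}
OPENSSL_KX_RE = re.compile(r"\bKx=(?P<kx>\S+)")
IANA_KX_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_")
TLS13_RE = re.compile(r"^TLS_[A-Z0-9_]+$")


def uses_rsa_key_exchange(entry):
    """True/False for one suite, or None when the key exchange is unknown."""
    entry = entry.strip()
    m = OPENSSL_KX_RE.search(entry)
    if m:  # `openssl ciphers -v` line, e.g. Kx=RSA or Kx=RSA(512)
        return m.group("kx").split("(")[0] in RSA_KX_VALUES
    m = IANA_KX_RE.match(entry)
    if m:  # TLS_RSA_WITH_*, TLS_RSA_EXPORT_WITH_*, TLS_RSA_PSK_WITH_*
        return m.group("kx").split("_")[0] == "RSA"
    if TLS13_RE.match(entry):  # IANA name without _WITH_ (TLS 1.3 style)
        return False
    return None  # bare OpenSSL name: the name alone does not state Kx


def audit(enabled):
    """Sort configured suites into affected, unaffected and unrecognised."""
    report = {"rsa_kx": [], "other_kx": [], "unknown": []}
    keys = {True: "rsa_kx", False: "other_kx", None: "unknown"}
    for entry in enabled:
        if entry.strip():
            verdict = uses_rsa_key_exchange(entry)
            report[keys[verdict]].append(entry.split()[0])
    return report


# Constructed sample: a mix of IANA names and `openssl ciphers -v` lines.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "AES256-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1",
    "DHE-RSA-AES256-SHA  SSLv3 Kx=DH  Au=RSA  Enc=AES(256)  Mac=SHA1",
    "AES128-SHA",
]

if __name__ == "__main__":
    for group, names in audit(SAMPLE).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Entries reported as `unknown` are bare OpenSSL names; feed the matching `openssl ciphers -v` line instead so the `Kx=` field is available.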

The vendor has assigned bug ID CSCvg74693 to this vulnerability.

This attack method is known as the "ROBOT" attack.

The original advisory ("Return Of Bleichenbacher's Oracle Threat") is available at:

https://eprint.iacr.org/2017/1189

Hanno Bock, Juraj Somorovsky of Ruhr-Universitat Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT reported this vulnerability.

Impact:   A remote user can decrypt TLS session data in certain cases.
Solution:   No solution was available at the time of this entry.

The vendor does not plan to issue a fix for this product.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

Copyright 2018, SecurityGlobal.net LLC