====================================================================
                          CERT-Renater

               Information Note No. 2017/VULN390
_____________________________________________________________________

DATE                : 12/12/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco products running TLS stack implementations.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
_____________________________________________________________________

Cisco Security Advisory: Bleichenbacher Attack on TLS Affecting Cisco
Products: December 2017

Advisory ID: cisco-sa-20171212-bleichenbacher

Revision: 1.0

For Public Release: 2017 December 12 15:45 GMT

Last Updated: 2017 December 12 15:45 GMT

CVE ID(s): CVE-2017-17428

CVSS Score v(3): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+---------------------------------------------------------------------

Summary
=======

On December 12, 2017, a research paper with the title Return of
Bleichenbacher's Oracle Threat was made publicly available. This paper
describes how some Transport Layer Security (TLS) stacks are vulnerable
to variations of the classic Bleichenbacher attack on RSA key exchange.

An attacker could iteratively query a server running a vulnerable TLS
stack implementation to perform cryptanalytic operations that may allow
decryption of previously captured TLS sessions.

To exploit this vulnerability, an attacker must be able to perform both
of the following actions:

  * Capture traffic between clients and the affected TLS server.
  * Actively establish a considerable number of TLS connections to the
    vulnerable server. The actual number of connections required varies
    with the implementation-specific vulnerabilities, and could range
    from hundreds of thousands to millions of connections.

Multiple Cisco products are affected by this vulnerability.

There may be workarounds available for selected products.

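The attack described above targets RSA key exchange, so an inventory of which
accepted cipher suites use it shows where a server is exposed. The following is
an added example, not part of the Cisco or CERT-Renater text; the function names
and the sample suite list are constructed for illustration.

```python
"""Flag TLS cipher suites that use RSA key exchange.

Input must be cipher suite names only, in IANA or OpenSSL form.
"""

# OpenSSL-style prefixes that name a non-RSA key exchange. A legacy OpenSSL
# name without one of these (for example AES128-SHA) means RSA key exchange.
_OPENSSL_OTHER_KX = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-",
                     "AECDH-", "PSK-", "SRP-", "KRB5-", "GOST")


def key_exchange(suite):
    """Return the key-exchange family of one cipher suite name."""
    name = suite.strip().upper()
    if name.startswith("EXP-"):            # OpenSSL export-grade prefix
        name = name[4:]
    if name.startswith("TLS_") and "_WITH_" in name:
        # IANA form: TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>
        kx = name[4:name.index("_WITH_")]
        if kx == "RSA" or kx.startswith("RSA_"):   # RSA, RSA_PSK, RSA_EXPORT
            return "RSA"
        return kx.split("_")[0]
    if name.startswith("TLS_"):
        return "TLS1.3"    # TLS 1.3 suites name no key exchange; RSA kx was removed
    if name.startswith("RSA-PSK-"):        # OpenSSL form of TLS_RSA_PSK_WITH_*
        return "RSA"
    for prefix in _OPENSSL_OTHER_KX:
        if name.startswith(prefix):
            return prefix.rstrip("-")
    return "RSA"


def rsa_key_exchange_suites(suites):
    """Return the suites that rely on RSA key exchange, in input order."""
    return [s.strip() for s in suites if s.strip() and key_exchange(s) == "RSA"]


# Constructed sample: suites a scanner might report as accepted by one server.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-SHA",
    "TLS_AES_128_GCM_SHA256", "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for suite in rsa_key_exchange_suites(SAMPLE_SUITES):
        print("RSA key exchange:", suite)
```
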
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher

==========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel  |    fax : 01-53-94-20-41          +
+ 75013 Paris         |    email: cert@support.renater.fr +
==========================================================