In a Usenix presentation on circumventing cryptographic key protocol, Cisco announced an update for its Internetwork operating system (IOS) and IOS XE firmware. The networking behemoth advises all customers jogging hardware that uses IOS and IOS XE to get the updates that address CVE-2018-0131, a protection pass vulnerability stemming from a weakness in the Internet Key Exchange (IKEv1) protocol.
Researchers Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, and Marcin Szymanek from Ruhr-University Bochum and the University of Opole determined [PDF] that an attacker ought to contact a tool with ciphertext requests that beneath the right situations, ought to reason the goal device to reveal the encrypted nonces (single-use numbers for encryption keys) and potentially lead to the keys being broken.
The organization, which plans to share its findings later this week at the conference, wrote that “reusing a key pair throughout specific versions and modes of IKE can lead to move-protocol authentication bypasses, allowing the impersonation of a victim host or community employing attackers.”
The woman says, Oops, after statistics breach… Or possibly another mistake. Illustration by Shutterstock/Sergey Sobin Cisco permits an SSL cert to expire in its VPN kit – and broke community provisioning agents. The attack would probably be completed either through eavesdropping on IP sessions or acting as a man-in-the-center compromise and injecting code into packets.
The researchers say they might receive enough records to create a kind of Bleichenbacher’s Oracle [PDF] attack on the keys by intentionally sending bad cipher requests to the susceptible machines. Given sufficient time, this would probably allow the attacker to decrypt shared keys and get around encryption protections.
The researchers stated they had disclosed their findings to Cisco and other companies impacted by the issue. All are believed to have issued patches for inclined products before the book of the paper. Cisco says in its advisory that, brief of transferring off of IKEv1, there are no workarounds for the vulnerability. Switchzilla advises anybody to use an IOS or IOS XE tool. This is configured with the ‘authentication RSA-entire alternative grew to replace their firmware and ensure they have the patched IOS version.