cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1381
Views
40
Helpful
9
Replies

CSCve77140 - Cisco IOS IKEv1 vulnerable to Bleichenbacher style attacks against RSA encrypted nonces

Lukas Runge
Level 1
Level 1

Basic question regarding Bug Search Tool

In the Bug Search I can see:
Known Affected Releases: (1)
15.5(3)S

Does it mean that every SW version before 15.5(3)S is affected as well? Like for example version 15.0.(2)SE11 ? Or does it mean that only this sw version is affected?

 

Thanks in advance!

2 Accepted Solutions

Accepted Solutions


@Lukas Runge wrote:

Why does Cisco publish that only one SW version is affected in the bug search tool?


A very important tip:  Never, ever, trust information(s) found in Bug IDs.  

Information found in Bug IDs are seldom accurate.  Once it's published it is extremely (like pulling teeth from a hunger lion) difficult to get them updated.  It is a lot easier to raise a TAC Case and get the correct information that way. 

Security Bulletins/Advisory, however, are regularly updated (because they are viewed by wider audience). 


@Lukas Runge wrote:

Cisco IOS - yes
authentication rsa-encr -> enabled


This means you "could be" vulnerable.  I say "could be" because no known/reported exploit has (yet) been reported.
 

View solution in original post

9 Replies 9

Leo Laohoo
Hall of Fame
Hall of Fame
Does your router have the command "authentication rsa-encr" in the config?

Hello @Leo Laohoo

I have read the vendor advisory, which states: This vulnerability affects Cisco IOS Software and Cisco IOS XE Software that is configured with the authentication rsa-encr option.

But my question is more kind of a basic uestion regarding the layout of the bug search. I need to know if only the indicated version is affected, or every version before that as well?

Thank you.

Hello @Leo Laohoo

 

I have read the vendor advisory, which states: This vulnerability affects Cisco IOS Software and Cisco IOS XE Software that is configured with the authentication rsa-encr option.

But my question is more kind of a basic uestion regarding the layout of the bug search. I need to know if only the indicated version is affected, or every version before that as well?

Thank you.

Firstly, the main question is the configuration line of "authentication rsa-encr". If this line isn't present in the configuration then it's nothing to worry about.
But if the command "authentication rsa-encr" is present, the next question is whether or not the router is running Cisco IOS, IOS XE or IOS XR. If it's IOS XR, then not to worry.
However, if the command "authentication rsa-encr" is present and the router is running IOS XE or IOS then the threat is preset and it's across all versions.

Hello @Leo Laohoo

Thank you for your answer. But if this is the case:
Cisco IOS - yes
&& authentication rsa-encr -> enabled

Why does Cisco publish that only one SW version is affected in the bug search tool?


@Lukas Runge wrote:

Why does Cisco publish that only one SW version is affected in the bug search tool?


A very important tip:  Never, ever, trust information(s) found in Bug IDs.  

Information found in Bug IDs are seldom accurate.  Once it's published it is extremely (like pulling teeth from a hunger lion) difficult to get them updated.  It is a lot easier to raise a TAC Case and get the correct information that way. 

Security Bulletins/Advisory, however, are regularly updated (because they are viewed by wider audience). 


@Lukas Runge wrote:

Cisco IOS - yes
authentication rsa-encr -> enabled


This means you "could be" vulnerable.  I say "could be" because no known/reported exploit has (yet) been reported.
 

Hi @Leo Laohoo,

me again. :)
Can you tell me the command to check if the authentication rsa-encr option is enabled?

sh run | i rsa ?

thanks in advance again

Hello @Leo Laohoo,

 

how can check if the authentication rsa-encr option is enabled?

 

(sh run | i rsa) ?

 

Thanks in advance,
Lukas

sh run | i rsa-encr