cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1537
Views
5
Helpful
1
Replies

ISE 2.6 Vulnerability - Web Server TLS BREACH Attack

Hi.

 

I have a client, with this vulnerability.

 

Vulnerability title: Web Server TLS BREACH Attack

 

* By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream.

 

Solution presented:

 

We are currently unaware of a practical solution to this problem. Please consider the following workarounds.

Some of these mitigations may protect entire applications, while others may only protect individual web pages.

- Disable HTTP compression.
- Separate the secrets from the user input.
- Randomize the secrets in each client request.
- Mask secrets (effectively randomizing by XORing with a random secret per request).
- Protect web pages from CSRF attacks.
- Obfuscate the length of web responses by adding random amounts of arbitrary bytes.

 

Is it possible to apply this workaround on cisco ISE?

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

There is no access to the underlying OS in ISE, so you cannot make changes to the web server to apply these mitigations.

Is this vulnerability linked to a known CVE? If so, you can check if it is a known vulnerability in Cisco products via the Security Advisories page.

If this is not a known vulnerability and you have a detailed vulnerability report, you can submit it to the Cisco PSIRT team for review as per the Security Vulnerability Policy.

As with other vulnerabilities related to the Web UI, you can mitigate the risk of a threat actor exploiting this vulnerability by limiting access to the Web UI to specific source management IPs/VLANs using the IP Access Restrictions list.

View solution in original post

1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

There is no access to the underlying OS in ISE, so you cannot make changes to the web server to apply these mitigations.

Is this vulnerability linked to a known CVE? If so, you can check if it is a known vulnerability in Cisco products via the Security Advisories page.

If this is not a known vulnerability and you have a detailed vulnerability report, you can submit it to the Cisco PSIRT team for review as per the Security Vulnerability Policy.

As with other vulnerabilities related to the Web UI, you can mitigate the risk of a threat actor exploiting this vulnerability by limiting access to the Web UI to specific source management IPs/VLANs using the IP Access Restrictions list.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers