Inquiry About Procedure detection of "Bleichenbacher Attack on TLS Affecting Cisco Products" / CVE-2017-12373

Hello Expert,

 

I am an associate Security Engineer and my work is mainly verifying platforms and networks. I must detect the "Bleichenbacher Attack on TLS Affecting Cisco Products", and I have a Cisco ASA 5505 v8.0.
I have already installed the detection tool (robot-detect / https://robotattack.org/) in my environment and assessed my ASA, but I couldn't detect this vulnerability. I think this is due to the default configuration of my ASA.

 

I have a question: how do I configure the ASA to detect this vulnerability? I have already read this document, but I don't have Cisco product knowledge.
https://www.cisco.com/c/ja_jp/td/docs/sec/firewall/asa5500nextgenerationfire/cr/001/cmdref80/c5.html

 

Thank you.


The Cisco ASA 5505 is EOL. The best option is the FTD 1001; it has unified code (ASA+Snort) with layer 7 inspection (deep packet inspection).

I noted you are using the ASA 5505 v8.0. Better to upgrade to 9.2.4, here and here.

please do not forget to rate.

Marvin Rhoads

Is this a homework question?

Almost nobody in the world would still be using an ASA 5505 running version 8.0 ASA code.

Hello Sheraz and Marvin,

 

Thank you for your response.

 

Firstly, this isn't a homework question; also, I'm intentionally using this version.
I would like to detect this vulnerability. I'm verifying it in a completely closed environment.
My purpose is to detect the vulnerability with this tool. I believe it is necessary to configure the ASA for that.

 

I have a question again: how do I configure the ASA to detect this vulnerability?

 

Please let me know if this question is inappropriate. I withdraw this question. Thank you.

Please refer to the associated BugID for the vulnerability:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg97652

The ASA itself will be vulnerable if:

1. It is running code prior to the fixed version, AND

2. The default 1024-bit RSA key has been replaced with a 2048-bit RSA key AND

3. SSL encryption default has not been modified to restrict the device to using only stronger encryption types for SSL/TLS connections to the device itself.

As far as verification, you can:

1. "show version" and verify your version is affected as documented in the BugID,

2. "show crypto key mypubkey rsa" and verify the key length in the subsequent output (2048-bit would be required to present the condition) and

3. "show run ssl" and "show ssl" and analyze the output to ensure that legacy SSL cipher suites are accepted (i.e., any suite that begins with "tls-rsa").

...for the respective conditions I noted earlier. All three are required for the vulnerability to be present.
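A small script that applies the three checks above to saved show-command output, as an added example that is not from this thread or from Cisco. The output fragments are constructed to resemble the three commands, the regexes assume those shapes (adapt them to your release), and the affected-release set is a placeholder to fill in from the BugID.

```python
import re

# Constructed sample fragments shaped like the three "show" commands in the
# reply. They are illustrative, not captures from a real ASA; real output
# varies by release, so the regexes below are assumptions to adapt per device.
SHOW_VERSION = "Cisco Adaptive Security Appliance Software Version 8.0(4)\n"
SHOW_KEY = ("Key name: <Default-RSA-Key>\n Usage: General Purpose Key\n"
            " Modulus Size (bits): 2048\n")
SHOW_SSL = ("Accept connections using SSLv3 or TLSv1 and negotiate to TLSv1\n"
            "Available SSL Ciphers: tls-rsa-with-aes-128-cbc-sha "
            "tls-dhe-rsa-with-aes-256-cbc-sha tls-rsa-with-3des-ede-cbc-sha\n")
# PLACEHOLDER: fill from the affected-release list in bug CSCvg97652.
AFFECTED_VERSIONS = {"8.0(4)"}


def parse_version(text):
    """Condition 1: pull 'x.y(z)' out of 'show version'."""
    m = re.search(r"Version\s+(\d+\.\d+\(\d+\)\S*)", text)
    return m.group(1) if m else None


def rsa_key_bits(text):
    """Condition 2: modulus size from 'show crypto key mypubkey rsa'."""
    m = re.search(r"Modulus Size \(bits\):\s*(\d+)", text)
    return int(m.group(1)) if m else None


def legacy_rsa_suites(text):
    """Condition 3: suites named 'tls-rsa...' (static RSA key exchange, where
    the client encrypts the premaster secret to the server's RSA key, which
    is what a Bleichenbacher oracle targets). A '_' in the name is treated
    like '-'; DHE/ECDHE-RSA suites do not match."""
    return [t for t in text.split()
            if t.lower().replace("_", "-").startswith("tls-rsa")]


def assess(version_text, key_text, ssl_text, affected=AFFECTED_VERSIONS):
    """Combine the reply's three conditions; all must hold to be exposed."""
    version, bits = parse_version(version_text), rsa_key_bits(key_text)
    suites = legacy_rsa_suites(ssl_text)
    result = {"version": version, "affected_release": version in affected,
              "rsa_bits": bits, "rsa_2048": bits == 2048,
              "tls_rsa_suites": suites}
    result["vulnerable"] = (result["affected_release"] and result["rsa_2048"]
                            and bool(suites))
    return result
```

Removing every tls-rsa suite from the ssl encryption list, or moving to a fixed release, makes `assess` report not vulnerable even with the 2048-bit key in place.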
