02-22-2020 10:23 PM
Hello Expert,
I am an associate Security Engineer, and my work is mainly verifying platforms and networks. I must detect the "Bleichenbacher Attack on TLS Affecting Cisco Products", and I have a Cisco ASA 5505 v8.0.
I have already installed the detection tool (robot-detect / https://robotattack.org/) in my environment and assessed my ASA with it, but I couldn't detect this vulnerability. I think this is due to the default configuration of my ASA.
I have a question. How do I configure the ASA so that this vulnerability can be detected? I have already read this document, but I don't have Cisco product knowledge.
https://www.cisco.com/c/ja_jp/td/docs/sec/firewall/asa5500nextgenerationfire/cr/001/cmdref80/c5.html
Thank you.
02-23-2020 01:00 AM - edited 02-23-2020 02:09 AM
02-23-2020 04:03 AM
Is this a homework question?
Almost nobody in the world would still be using an ASA 5505 running version 8.0 ASA code.
02-23-2020 03:16 PM
Hello Sheraz and Marvin,
Thank you for your response.
Firstly, this isn't a homework question; also, I'm intentionally using this version.
I would like to detect this vulnerability. I'm verifying it in a completely closed environment.
My purpose is to detect the vulnerability with this tool. I believe it is necessary to configure the ASA for that.
I have a question again. How do I configure the ASA so that this vulnerability can be detected?
Please let me know if this question is inappropriate, and I will withdraw it. Thank you.
02-23-2020 07:30 PM
Please refer to the associated BugID for the vulnerability:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg97652
The ASA itself will be vulnerable if:
1. It is running code prior to the fixed version, AND
2. The default 1024-bit RSA key has been replaced with a 2048-bit RSA key AND
3. SSL encryption default has not been modified to restrict the device to using only stronger encryption types for SSL/TLS connections to the device itself.
As far as verification, you can:
1. "show version" and verify that your version is among the affected versions documented in the BugID,
2. "show crypto key mypubkey rsa" and verify the key length in the subsequent output (2048-bit would be required to present the condition) and
3. "show run ssl" and "show ssl" and analyze the output to ensure that legacy SSL cipher suites are accepted (i.e., any suite that begins with "tls-rsa").
...for the respective conditions I noted earlier. All three are required for the vulnerability to be present.
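One way to apply the three checks above to captured command output, as an added example that is not part of this thread or of any Cisco tooling. The sample output lines are constructed, the exact "show" output formats are assumptions (adjust the regexes to your release), and the fixed version is a placeholder to be taken from the BugID:

```python
import re

# CONSTRUCTED sample captures. The line formats below are assumptions about
# what 'show version', 'show crypto key mypubkey rsa' and 'show ssl' print;
# adjust the regexes to match the output of your own release.
SHOW_VERSION = "Cisco Adaptive Security Appliance Software Version 8.0(5)\n"
SHOW_KEY = (
    "Key pair was generated at: 10:00:00 UTC Feb 22 2020\n"
    "Key name: <Default-RSA-Key>\n"
    " Usage: General Purpose Key\n"
    " Modulus Size (bits): 2048\n"
)
SHOW_SSL_LEGACY = "Available encryption: tls-rsa-with-aes-128-cbc-sha tls-dhe-rsa-with-aes-128-cbc-sha\n"
SHOW_SSL_HARDENED = "Available encryption: tls-dhe-rsa-with-aes-128-cbc-sha\n"
# Placeholder: take the real first fixed release from the BugID linked above.
FIXED_VERSION_PLACEHOLDER = (9, 99, 0)

def parse_version(show_version):
    """ASA release as a comparable tuple, e.g. '8.0(5)' -> (8, 0, 5)."""
    m = re.search(r"Software Version (\d+)\.(\d+)(?:\((\d+)\))?", show_version)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def rsa_modulus_bits(show_key):
    """Largest RSA modulus size listed; None if no key is present."""
    sizes = [int(s) for s in re.findall(r"Modulus Size \(bits\):\s*(\d+)", show_key)]
    return max(sizes) if sizes else None

def rsa_kex_suites(show_ssl):
    """Suites whose name begins with 'tls-rsa' (static RSA key exchange),
    the legacy suites the reply above tells you to look for."""
    return sorted({s.lower() for s in re.findall(r"\btls[-_]rsa[\w-]*", show_ssl, re.I)})

def assess(show_version, show_key, show_ssl, fixed_version):
    """Return (vulnerable, per-condition results); all three must hold."""
    ver = parse_version(show_version)
    checks = {
        "version_before_fix": ver is not None and ver < fixed_version,
        "rsa_key_2048_or_more": (rsa_modulus_bits(show_key) or 0) >= 2048,
        "tls_rsa_suites_enabled": bool(rsa_kex_suites(show_ssl)),
    }
    return all(checks.values()), checks

if __name__ == "__main__":
    for label, ssl_out in (("legacy", SHOW_SSL_LEGACY), ("hardened", SHOW_SSL_HARDENED)):
        vuln, checks = assess(SHOW_VERSION, SHOW_KEY, ssl_out, FIXED_VERSION_PLACEHOLDER)
        print(label, "vulnerable" if vuln else "not vulnerable", checks)
```

Removing the "tls-rsa" suites (the hardened sample) clears condition 3 even on an unfixed release with a 2048-bit key, which is the mitigation the reply describes.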