LibinBenedict
Beginner

Cisco Expressway TLS Cipher

Hi,

We did a security scan on our Cisco Expressway-E (version X8.9.1) and found that it is vulnerable to Birthday attacks against TLS ciphers with 64-bit block size vulnerability (Sweet32) port 5061/tcp over SSL.

The threat indicates that: "Legacy block ciphers having block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode.
All versions of SSL/TLS protocol support cipher suites which use DES, 3DES, IDEA or RC2 as the symmetric encryption cipher are affected."

Is there any way we can find out the cipher used for the TLS implementation? Is it documented somewhere?

Is there any fix for this vulnerability for Expressway?

Thanks,

Libin Benedict
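
An added example, not part of the original thread and not Cisco code: given a cipher listing taken from a scanner report or a TLS configuration dump, this Python script flags the suites whose bulk cipher is one of the 64-bit block ciphers named in the finding (DES, 3DES, IDEA, RC2). The function names are hypothetical and the sample listing is constructed.

```python
import re

# 64-bit block ciphers named in the scan finding (Sweet32).
# Token -> cipher. OpenSSL spells 3DES "DES-CBC3"; IANA spells it "3DES_EDE".
WEAK_TOKENS = {"DES": "DES", "DES40": "DES", "3DES": "3DES", "CBC3": "3DES",
               "IDEA": "IDEA", "RC2": "RC2"}

# IANA names (TLS_..., SSL_...) or OpenSSL names (UPPERCASE-WITH-HYPHENS).
SUITE_RE = re.compile(r"\b(?:(?:TLS|SSL)_[A-Z0-9_]+|[A-Z0-9]+(?:-[A-Z0-9]+)+)\b")


def classify(suite):
    """Return the 64-bit block cipher a suite name uses, or None."""
    tokens = re.split(r"[-_]", suite.upper())
    hits = {WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS}
    if "3DES" in hits:  # "DES-CBC3-SHA" yields both a DES and a CBC3 token
        return "3DES"
    return next(iter(hits), None)


def find_sweet32(listing):
    """Scan free-form text for suite names; return weak ones in first-seen order."""
    found = {}
    for name in SUITE_RE.findall(listing):
        cipher = classify(name)
        if cipher and name not in found:
            found[name] = cipher
    return list(found.items())


# Constructed sample listing (assumption: not output from any real host).
SAMPLE = """\
5061/tcp (constructed sample listing)
  TLSv1.0:
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
  TLSv1.2:
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
  openssl-style names:
    DES-CBC3-SHA  AES256-SHA  IDEA-CBC-SHA  EXP-RC2-CBC-MD5
"""

if __name__ == "__main__":
    for suite, cipher in find_sweet32(SAMPLE):
        print(f"64-bit block cipher ({cipher}): {suite}")
```

Any suite this reports is one to remove from the server's accepted cipher list; AES-based suites are not flagged because AES uses a 128-bit block.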

10 REPLIES
Roger Kallberg
VIP Mentor

This has been fixed in some release quite some time ago; right now I don't recall the exact version. The version you're on is quite old. Recommendation would be to upgrade to one of the latest, either 12.5.6 or 12.5.7.

Hi Roger,

Thanks for the information.

Can you please let me know the cipher used in version X8.9.1 and whether it is documented somewhere?

Regards,

Libin Benedict

Hi Libin,

I'm afraid that would be information I don't have. If you really need to know this, I would recommend that you reach out to TAC. As stated before by me and others replying to this thread, your version is outdated and it would be advisable to upgrade.

Good afternoon Roger,

We are using Expressway version X12.5.5. Is this using DES or 3DES?

Thanks in advance.

I have no idea. Likely none of them if I were to guess.

Vinod.s
Participant

Your version is quite old. Please share the CVE ID of your vulnerability.

Hi Vinod,

The CVE ID is CVE-2016-2183.

Thanks,

Libin Benedict