Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Crypto Flaw Affects Products From Cisco, Huawei, ZyXEL

A team of researchers has disclosed the details of a new attack method that can be used to crack encrypted communications. The products of several vendors, including Cisco, Huawei, ZyXEL and Clavister, are impacted.

A team of researchers has disclosed the details of a new attack method that can be used to crack encrypted communications. The products of several vendors, including Cisco, Huawei, ZyXEL and Clavister, are impacted.

The attack will be presented later this week at the 27th USENIX Security Symposium in Baltimore, Maryland, by researchers from the University of Opole in Poland and the Ruhr-University Bochum in Germany. The research paper has already been made public.

The experts have analyzed the impact of key reuse on Internet Protocol Security (IPsec), a protocol that authenticates and encrypts the data packets sent over a network. IPsec is often used for virtual private networks (VPNs).

The cryptographic key for IPsec uses the Internet Key Exchange (IKE) protocol, which has two versions, IKEv1 and IKEv2. Each version of IKE has different modes, configurations and authentication methods.

“[Reusing] a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers,” the researchers explained. “We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication. Using this exploit, we break these RSA encryption based modes, and in addition break RSA signature based authentication in both IKEv1 and IKEv2. Additionally, we describe an offline dictionary attack against the PSK (Pre-Shared Key) based IKE modes, thus covering all available authentication mechanisms of IKE.”

The attack has been found to work against Cisco (CVE-2018-0131), Huawei (CVE-2017-17305), ZyXEL (CVE-2018-9129) and Clavister (CVE-2018-8753) products.

Cisco, Huawei and ZyXEL published advisories for this vulnerability on Monday. Clavister, a provider of network security solutions, released patches for its Clavister cOS Core operating system in early May.

Cisco, which assigned the issue a severity rating of “medium,” described it as a vulnerability in the implementation of RSA-encrypted nonces in the company’s IOS and IOS XE software. An unauthenticated attacker can remotely obtain the encrypted nonces of an IKEv1 session by sending specially crafted ciphertexts to the targeted device.

ZyXEL says the vulnerability affects its ZyWALL and USG series network security appliances. The company has released firmware updates that should prevent attacks.

“ZyWALL/USG devices have a security vulnerability in the Internet Key Exchange (IKE) handshake implementation used for their IPsec-based VPN connections. Attackers might be able to use this vulnerability to retrieve IKEv1 session keys and decrypt connections by using a chosen-ciphertext attack called Bleichenbacher’s attack,” the company told customers.

Huawei’s advisory reveals that the company’s firewall products are affected by the vulnerability. The company also noted that the IPsec IKEv1 implementations in its firewalls introduce two other flaws that can be used to cause a device to enter a denial-of-service (DoS) condition by sending specially crafted packets.

Related: Cisco Security Products Plagued by Critical Flaw

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.