
Vulnerable TLS Implementation Exposes Cisco Products to POODLE Attacks

Two products from Cisco are vulnerable to a new variant of the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, the company said in a security advisory.

POODLE attacks, which can be leveraged by a remote attacker to gain access to encrypted information, were initially believed to work only against the Secure Sockets Layer (SSL) 3.0 protocol. However, on December 8, researchers confirmed that some implementations of the Transport Layer Security (TLS) 1.x protocol are also vulnerable.

The Cisco Adaptive Security Appliance (ASA) Software and the Cisco ACE Application Control Engine Module are affected, Cisco said in its advisory.

"The vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform an 'oracle padding' side channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information," the company noted.
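The padding check behind this class of flaw, as an added example (not Cisco's code and not taken from the advisory): TLS 1.x requires every CBC padding byte to equal the padding length (RFC 5246, section 6.2.3.2), while an SSL 3.0-style check looks only at the final length byte. The function names, the 16-byte block size and the sample records are assumptions constructed for illustration.

```python
import hmac

BLOCK = 16  # assumed CBC block size (AES); 3DES would use 8


def tls_pad(data: bytes) -> bytes:
    """Append TLS 1.x CBC padding: pad_len + 1 bytes, each equal to pad_len."""
    pad_len = BLOCK - 1 - (len(data) % BLOCK)
    return data + bytes([pad_len]) * (pad_len + 1)


def lax_padding_ok(plaintext: bytes) -> bool:
    """SSL 3.0-style check: only the trailing length byte is examined."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    return plaintext[-1] + 1 <= len(plaintext)


def strict_padding_ok(plaintext: bytes) -> bool:
    """TLS 1.x check: every padding byte must equal the padding length."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest avoids an early exit on the first mismatching byte
    return hmac.compare_digest(plaintext[-(pad_len + 1):], expected)


def classify(plaintext: bytes) -> str:
    """Label a decrypted record by how the two checks treat its padding."""
    lax, strict = lax_padding_ok(plaintext), strict_padding_ok(plaintext)
    if strict:
        return "valid"
    return "accepted-only-by-lax-check" if lax else "rejected-by-both"


# Constructed sample records (no MAC included; padding handling only).
GOOD = tls_pad(b"GET / HTTP/1.1\r\n")
TAMPERED = GOOD[:-BLOCK] + bytes(range(BLOCK - 1)) + GOOD[-1:]
OVERLONG = b"\x00" * (BLOCK - 1) + b"\xff"

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("TAMPERED", TAMPERED), ("OVERLONG", OVERLONG)):
        print(name, classify(rec))
```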

Cisco ACE 4700 Series Application Control Engine Appliances are not affected, although Cisco warns that some scanners might erroneously flag them as being vulnerable. Other Cisco products might also be listed in the advisory in the upcoming period.

Cisco plans on providing software updates that address the vulnerability, which has been rated as a medium-severity issue (CVSS score of 4.3 out of 10), the company's representatives told SecurityWeek. Customers who have an account can track the timing and progress of the updates by clicking on the "More Information" section of the security notice.

Back in October, shortly after the existence of the flaw was disclosed, experts pointed out that POODLE attacks could also work against TLS. The reports were confirmed last week by Google security engineer Adam Langley, who identified several high-profile websites that had been susceptible to attacks.

The researcher determined that the affected sites had been using load balancers from A10 Networks and F5 Networks. Both A10 Networks and F5 Networks released updates to address the problem.

Cisco, A10 Networks and F5 Networks all used the same CVE identifier for the issue, CVE-2014-8730. However, NIST's National Vulnerability Database noted that a different CVE identifier should be used for each vulnerable implementation since the flaw isn't in the design of TLS 1.x itself.

There are still numerous websites vulnerable to POODLE attacks, according to Qualys' SSL Server Test.

"Some firms still aren’t aware of the risks, others are aware but are unable/unwilling to patch it for fear of creating significant downtime if something goes wrong. A bank (for example) using F5s could potentially lose millions if a patch fails, knocking mission-critical services offline," Paul Moore, information security consultant at UK-based Urity Group, told SecurityWeek.

According to Moore, the SSL Server Test shows that many high-profile websites in the UK are vulnerable to POODLE, including those of the country's Labor and Conservative parties. Even the British government's Get Safe Online site is affected.

"In the last 6 months, we’ve seen critical exploits in several protocols/cipher suites which were previously deemed 'secure'. Perhaps it’s time to move away from that idealistic notion; opting instead for a more realistic 'known/not known to be insecure'," Moore said.

*Updated with patching information from Cisco

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.