
Cisco Event Response: POODLE Vulnerability

Threat Summary: October 15, 2014

This information has been produced in reference to the recent SSLv3 protocol fallback vulnerability and the associated Padding Oracle On Downgraded Legacy Encryption (POODLE) attack that has been made public at www.openssl.org.


Event Intelligence


The following Cisco content is associated with this Event Response Page:

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

Cisco IntelliShield Alert: OpenSSL SSLv3 POODLE Information Disclosure Vulnerability: http://tools.cisco.com/security/center/viewAlert.x?alertId=36084

Cisco Talos Blog Post: POODLE and The Curse of Backwards Compatibility: http://blogs.cisco.com/security/talos/poodle-and-the-curse-of-backwards-compatibility/

Vulnerability Characteristics

The SSLv3 protocol fallback vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2014-3566.

On October 14, 2014, a vulnerability in the Cipher-Block-Chaining (CBC) mode of the Secure Sockets Layer version 3 (SSLv3) protocol was publicly announced here: https://www.openssl.org/~bodo/ssl-poodle.pdf

SSL 3.0 (RFC-6101) is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 (RFC-2246), TLS 1.1 (RFC-4346), and TLS 1.2 (RFC-5246), many TLS implementations remain backward compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant because many clients implement a protocol downgrade dance to work around server-side interoperability bugs.

Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0. The POODLE attack will allow them, for example, to steal "secure" HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).

Impact on Cisco Products

Successful exploitation of the vulnerability may cause subsets of the encrypted communication to be decrypted by the attacker.

The Cisco Product Security Incident Response Team (PSIRT) is currently investigating which Cisco products are affected by this vulnerability. Any updates specifically related to Cisco products will be communicated according to the Cisco Security Vulnerability Policy and will be published in the Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability.

The Cisco Computer Security Incident Response Team (CSIRT) is investigating Cisco public-facing infrastructure that could be susceptible to this vulnerability to facilitate its remediation.

Mitigation Summary

Cisco recommends that customers disable SSLv3 on both the server side and the client side. How to do this, and whether it is possible, depends on the product. For example, for administration interfaces served over HTTPS, it is likely easier to disable SSLv3 in client browsers than in the product itself.
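
One way to confirm the mitigation from captured handshakes, as an added example that is not Cisco code: it reads the server_version field of a ServerHello record and flags SSL 3.0 (wire value 0x0300). The function names and the sample records are constructed for illustration.

```python
import struct

SSL3 = (3, 0)  # wire version 0x0300 = SSL 3.0 (RFC 6101)
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from a handshake record carrying a
    ServerHello, or None if the bytes are not a complete ServerHello."""
    if len(record) < 5:
        return None
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < rec_len or len(body) < 4:
        return None             # 22 = handshake; reject truncated records
    if body[0] != 2:            # handshake type 2 = ServerHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version(2) + random(32) + session_id length(1)
    if len(hello) < hs_len or len(hello) < 35:
        return None
    version = (hello[0], hello[1])
    off = 35 + hello[34]        # skip the variable-length session id
    if len(hello) < off + 3:    # cipher_suite(2) + compression(1)
        return None
    suite = int.from_bytes(hello[off:off + 2], "big")
    return version, suite

def audit(record: bytes) -> str:
    """One-line verdict for a captured server response."""
    parsed = parse_server_hello(record)
    if parsed is None:
        return "not a ServerHello"
    version, suite = parsed
    name = NAMES.get(version, "unknown %d.%d" % version)
    verdict = "FLAG: SSLv3 still enabled" if version == SSL3 else "ok"
    return f"{name} suite=0x{suite:04X} {verdict}"

def make_server_hello(version, suite):
    """Build a constructed sample record (zeroed random, empty session id)."""
    hello = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for v, s in [((3, 0), 0x002F), ((3, 3), 0x002F)]:
        print(audit(make_server_hello(v, s)))
```

A server that has SSLv3 disabled never returns a ServerHello with version 0x0300, so any flagged record identifies an endpoint that still needs the change.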


Effective use of Cisco Sourcefire Next-Generation Intrusion Prevention System (NGIPS) event actions provides visibility into and protection against attacks that attempt to exploit this vulnerability. The Sourcefire Snort SIDs for this vulnerability are 32204 and 32205.