PDF(9.4 KB) View with Adobe Reader on a variety of devices
ePub(86.5 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(73.3 KB) View on Kindle device or Kindle app on multiple devices
Updated:April 2, 2015
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes what you must do to avoid the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability when you use Adaptive Security Appliances (ASAs) and AnyConnect for Secure Sockets Layer (SSL) connectivity.
The POODLE vulnerability affects certain implementations of the Transport Layer Security version 1 (TLSv1) protocol and could allow an unauthenticated, remote attacker to access sensitive information.
The vulnerability is due to improper block cipher padding implemented in TLSv1 when you use Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability in order to perform an "oracle padding" side-channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.
The ASA allows incoming SSL connections in two forms:
However, none of the TLS implementations on the ASA or the AnyConnect client are affected by POODLE. Instead, the SSLv3 implementation is affected so that any clients (browser or AnyConnect) that negotiate SSLv3 are susceptible to this vulnerability.
Caution: POODLE BITES does however affect the TLSv1 on the ASA. For more information on affected products and fixes, refer to CVE-2014-8730.
Cisco has implemented these solutions to this problem:
All versions of AnyConnect that previously supported (negotiated) SSLv3 have been deprecated and the versions available for download (both v3.1x and v4.0) will not negotiate SSLv3 so they are not susceptible to the issue.
The ASA's default protocol setting has been changed from SSLv3 to TLSv1.0 so that as long as the incoming connection is from a client that supports TLS, that is what will be negotiated.
The ASA can be manually configured to accept only specific SSL protocols with this command:
However, for deployments that use the v3.0.x and v3.1.x AnyConnect versions that have been deprecated (which are all AnyConnect build versions PRE 3.1.05182), and in which SSLv3 negotiation is specifically used, the only solution is to eliminate the use of SSLv3 or consider a client upgrade.
The actual fix for POODLE BITES (Cisco bug ID CSCus08101) will be integrated into the latest interim release versions only. You can upgrade to an ASA version that has the fix to solve the problem. The first available version on Cisco Connection Online (CCO) is Version 9.3(2.2).
The first fixed ASA software releases for this vulnerability are as follows:
8.2 Train: 220.127.116.11
8.4 Train: 18.104.22.168
9.0 Train: 22.214.171.124
9.1 Train: 9.1.6
9.2 Train: 126.96.36.199
9.3 Train: 188.8.131.52
The ASA supports TLSv1.2 as of software version 9.3(2).
AnyConnect Version 4.x clients all support TLSv1.2.
If you use Clientless WebVPN, then any ASA that runs this version of software or higher can negotiate TLSv1.2.
If you use the AnyConnect client, in order to use TLSv1.2, you will need to upgrade to Version 4.x clients.