Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.

The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass

Security Impact Rating: Medium

CVE: CVE-2019-1970

Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos

Security Impact Rating: Medium

CVE: CVE-2019-1957

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.

The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Security Impact Rating: High

CVE: CVE-2019-1873

Cisco Small Business Series Switches Memory Corruption Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause memory corruption on an affected device.

The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt

Security Impact Rating: High

CVE: CVE-2019-1892

Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos

Security Impact Rating: High

CVE: CVE-2019-1886

Intermittent Slowness SSL sites and RDP

I do not need a solution (just sharing information)

Hi all,

Recently encountered a weird slowness on one of the subnets at a customer site; HTTPS and RDP appear to be extremely slow, sometimes reporting that certificate revocation information is not available. RDP sessions, after the initial password prompt, also take between 30-60 seconds to connect. SSL and RDP are fine at other sites / subnets. All go to two ProxySGs upstream (set via WPAD file). It feels like the slowness is due to some form of security / certificate checking going on; it's strange that we only see this issue on one subnet, as there are lots of others all going to the same ProxySG devices. Haven't ruled out other areas of investigation (e.g. group policy, firewall, switches etc.), but we have seen that if the certificate revocation checks are disabled, speed is hugely improved (sometimes a reboot has been needed to kick this in). However, it's not something I'm overly comfortable leaving disabled.

Does anyone have any suggestions on what this could possibly be or how best to troubleshoot? Seen a couple of KBs related to OCSP and CRL but nothing that's a match for the intermittent symptoms we're seeing. We're upgrading the devices next week (approx. 10 months out of date) and, if no better, logging a case with Symantec to see if they could help.

Thanks

URL is not working

I need a solution

One of the URLs is not working. I did a packet capture and saw the client sending a hello, after which the server sent an RST packet.

The same website works on the open internet.

I even tried disabling Detect Protocol, with no luck.

tcp.stream eq 76 — Client to Proxy

tcp.stream eq 77 — Proxy to OCS server

Browser message:

Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings

Secure Mail iOS 19.3.5 and Secure Mail Android 19.6.5 Not Able to Create Account or Connection Error

Before users can create an account in Secure Mail for iOS version 19.3.5 or Secure Mail Android 19.6.5, you must do the following:

1. On Citrix ADC, add the following cipher suite value to the SSL Ciphers option: ECDHE-RSA-AES256-GCM-SHA384.

Note: If the ciphers are already bound, go to step 2.

For details, see https://docs.citrix.com/en-us/netscaler/12/ssl/ciphers-available-on-the-citrix-ADC-appliances/configure-user-defined-cipher-groups-on-the-adc-appliance.html

2. Bind and enable Elliptic Curve Cryptography (ECC).

For details, see ECDSA cipher suites support in the Citrix ADC 12.1 documentation https://docs.citrix.com/en-us/citrix-adc/12-1/ssl/ciphers-available-on-the-citrix-ADC-appliances/ecdhe-ciphers.html.

For FIPS-enabled environments, verify that the RSA key size of the identity certificate (that is, the server certificate), the intermediate certificates, and your root certificate is 2048 or 3072 bits. We do not currently support an RSA key size of 4096 bits in a FIPS-enabled environment. The new crypto library checks the key size and rejects the connection otherwise.

For configuration information see the following Citrix support article: https://support.citrix.com/article/CTX205289
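
To confirm that an ADC front end meets the three conditions above before rolling out the clients, here is an added Go example (not from the Citrix article, standard library only): CheckServer dials the way the Secure Mail client does, TLS 1.2 with only ECDHE-RSA-AES256-GCM-SHA384 offered, and then checks the RSA key sizes of the served chain against the 2048/3072-bit FIPS rule. SelfSigned produces a constructed fixture certificate for offline self-testing; the `localhost` name, the `adc-test` subject and pinning the probe to TLS 1.2 are assumptions of this example, not documented Secure Mail client behaviour.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSigned builds a throwaway self-signed RSA certificate of the given size:
// constructed test material that stands in for the ADC identity certificate.
func SelfSigned(bits int) tls.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		Subject: pkix.Name{CommonName: "adc-test"}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// CheckServer mimics the Secure Mail client: it offers TLS 1.2 with only
// ECDHE-RSA-AES256-GCM-SHA384 (the handshake fails unless that suite is bound and
// ECC is enabled), then requires every RSA key in the served chain to be 2048 or
// 3072 bits, the sizes the FIPS crypto library accepts. roots nil = system store.
func CheckServer(addr, serverName string, roots *x509.CertPool) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: serverName,
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}})
	if err != nil {
		return fmt.Errorf("handshake failed: %w", err)
	}
	defer conn.Close()
	for _, c := range conn.ConnectionState().PeerCertificates {
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() != 2048 && pub.N.BitLen() != 3072 {
			return fmt.Errorf("%s: %d-bit RSA key; FIPS mode accepts only 2048 or 3072", c.Subject.CommonName, pub.N.BitLen())
		}
	}
	return nil
}
```

Against a real vserver, call CheckServer("adc.example.invalid:443", "adc.example.invalid", nil) (placeholder host); a 4096-bit identity certificate is reported by key size rather than as a handshake failure, which separates the FIPS key-size condition from the cipher and ECC conditions.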
