On August 13, 2018, Cisco released an advisory and patches for its network operating systems after confirming that IOS (Internetworking Operating System) and its Linux-based counterpart, IOS XE, are both vulnerable to the latest cryptographic attack against the IKE (Internet Key Exchange) protocol.

This Medium severity vulnerability exists in the operating systems' use of RSA-encrypted nonces. An unauthorized attacker can exploit it to discover the encrypted nonces that are required for authentication in an IKEv1 session.

“The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces,” Cisco announced in its Security Advisory.

Researchers responsible for uncovering this flaw have said that a successful attack would enable the attacker “to be an active man-in-the middle and read write data to that session,” meaning the attacker could secretly relay messages and alter communication between users without their knowledge.

Cisco has released patches for its vulnerable operating system products and notes that there are currently no workarounds that address this vulnerability.

According to the Cisco Product Security Incident Response Team (PSIRT), there have been no public announcements or reported signs of malicious activity regarding this vulnerability.

It has also been confirmed that the IOS XR software is unaffected by the issue.
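Because only devices configured for IKEv1 with RSA-encrypted nonces are exposed, saved configurations can be screened to decide which IOS and IOS XE devices to patch first. The script below is an added example, not taken from Cisco's advisory: it looks for the IOS `authentication rsa-encr` ISAKMP policy setting, the sample configuration is constructed, and it assumes a policy without an explicit `authentication` line uses the IOS default of `rsa-sig`.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication rsa-encr
 group 14
crypto isakmp policy 20
 encr aes
 authentication pre-share
 group 14
crypto isakmp policy 30
 encr aes
 group 14
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

def isakmp_policies(config):
    """Return {priority: authentication method} for each IKEv1 (ISAKMP) policy."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = int(header.group(1))
            # Assumption: the default method (rsa-sig) is omitted from the config.
            policies[current] = "rsa-sig"
        elif current is not None and line.startswith(" "):
            auth = re.match(r"\s+authentication (\S+)", line)
            if auth:
                policies[current] = auth.group(1)
        else:
            current = None  # an unindented line ends the policy sub-mode
    return policies

def rsa_encr_policies(config):
    """Priorities of policies that authenticate with RSA-encrypted nonces."""
    return sorted(p for p, a in isakmp_policies(config).items() if a == "rsa-encr")

if __name__ == "__main__":
    hits = rsa_encr_policies(SAMPLE_CONFIG)
    print("policies using rsa-encr:", hits or "none")
```

A non-empty result means the device matches the configuration named in the advisory and should be checked against the fixed releases listed there.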

Severity: MEDIUM

CVSS Score: 5.9

Advisory details located at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce

Bug Tool description:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve77140