-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aruba Product Security Advisory =============================== Advisory ID: ARUBA-PSA-2018-002 CVE: CVE-2017-13099 Publication Date: 2018-March-28th Status: Confirmed Revision: 2 Title ===== Return Of Bleichenbacher's Oracle Threat (ROBOT) Overview ======== The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is referred to as "ROBOT." Affected Products ================= -- Aruba Instant (IAP) prior to version 6.5.4.7 Unaffected Products =================== -- All other Aruba products are not affected including switches, software, and wireless are not affected -- HP/HPE/Aruba campus and branch switches are not affected -- All legacy HP wireless products are not affected Details ======= Please see https://robotattack.org/ for full details, including the original research paper. Aruba Instant (IAP) incorporates the WolfSSL cryptographic library to provide certain cryptographic functions, including HTTPS and TLS/SSL. WolfSSL contains a "weak" form of the ROBOT vulnerability. The research paper describes "weak" as meaning "taking a long time to attack," although it does not quantify this statement. According to WolfSSL, tests against the WolfSSL cryptographic library failed to extract even a single bit of the key after a two-week test that consisted of over 30 million attempts. Although the researcher's theory predicts that key extraction should be possible against WolfSSL, so far it has not been demonstrated to be practical. Aruba currently judges the severity of this vulnerability to be "low". Accordingly, Aruba will patch it in the next scheduled maintenance release and will not be releasing emergency patches. Resolution ========== Aruba will fix this issue in InstantOS version 6.5.4.7 and higher. Specifically, Aruba plans to: - Update WolfSSL to a non-vulnerable version - Disable static-key TLS ciphersuites so that all TLS sessions use ephemeral keys Workarounds =========== As a standard best practice, Aruba recommends that IAP administrators restrict access to the administrative HTTPS interface so that the interface is not available to untrusted users. Exploitation and Public Discussion ================================== Aruba is aware of significant public discussion of this issue. Attack tools are readily available which are effective against the "strong" form of the oracle. No attack tools are available which are effective against the "weak" form of the oracle covered by this advisory. Revision History ================ Revision 1 / 2018-Jan-30 / Initial release Revision 2 / 2018-Mar-28 / Updated fix version Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at: http://www.arubanetworks.com/support-services/security-bulletins/ For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public key can be found at: http://www.arubanetworks.com/support-services/security-bulletins/ (c) Copyright 2018 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAlq7qHIACgkQmP4JykWF htlt5wgAiI0ZHjBraNix78BV89r4GvHleWnmh90lUeyHF/jSUZUZ7uv/MTj6P+N8 IlxX9yRJwLH6CO6043f9Ah0GkTB1E0z7DSrakWWeUERJWqv35koGi3tdDfKyOf8y vLcJzWrYaJR+6jeZ6meBlwy7wDfMpYTv8FP+miU72LyuKAKmRtEFbqCTsGYs4nHa CFNX9UsIvrP82g6ZTBfDV8r0VgnBOvZ8CqCyI32x/QORdP1V6lBKpmd+g2pq9xP0 /BLWkV3+D6rd7+f7/xS0EG5HyqKyTd/NtKgukyDbCodUdkK/cry9RVAjNPYm2tZK YhNqxUa32qSvGHHk1KLKnemngHFL+w== =Ovin -----END PGP SIGNATURE-----