FREAK – Factoring Attack on RSA-Export Keys
Vulnerability Notice
Summary
Some SSL/TLS implementations accept an export-grade (512-bit or smaller) temporary RSA key from the server even
when the client did not request an export-grade cipher suite. An attacker able to act as a man-in-the-middle (MITM)
can downgrade such a connection to an RSA_EXPORT suite, factor the weak temporary RSA key, recover the session
keys, and decrypt the SSL/TLS traffic. A 512-bit RSA modulus can be factored in a matter of hours on rented
commodity hardware, so the temporary key offers no real protection.
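The practical check for the condition described above is to offer a server nothing but RSA_EXPORT cipher suites and see whether it selects one. The following probe is an added example, not code from this notice or from Extreme Networks. It assumes TLS 1.0 record and handshake framing (RFC 2246) and the IANA cipher-suite numbers listed in the code; the sample server replies at the bottom are constructed so the classifier can be exercised offline, and probe_host() is the only part that touches the network.

```python
"""FREAK exposure probe: offer a server only RSA_EXPORT suites and see what it picks.

Added example; not code from the notice or from Extreme Networks. Assumes TLS 1.0
record/handshake framing (RFC 2246) and the IANA cipher-suite numbers below.
"""
import os
import socket
import struct

# IANA cipher-suite numbers for the RSA_EXPORT suites FREAK targets. A server that
# negotiates one of these sends a ServerKeyExchange with a temporary RSA key of at
# most 512 bits, which a MITM can factor offline. (The 1024-bit "EXPORT1024" suites
# 0x0060/0x0062/0x0064 could be added to the same dictionary.)
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

TLS10 = b"\x03\x01"
RECORD_HANDSHAKE, RECORD_ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
HANDSHAKE_FAILURE = 40


def build_client_hello(suites=RSA_EXPORT_SUITES, client_random=None):
    """Return one TLS 1.0 record carrying a ClientHello that offers only `suites`.

    A server that refuses export-grade crypto has no suite in common with this list
    and must answer with a handshake_failure alert; a FREAK-prone server answers
    with a ServerHello selecting one of them.
    """
    if client_random is None:
        client_random = os.urandom(32)
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        TLS10                                            # client_version
        + client_random                                  # 32-byte random
        + b"\x00"                                        # empty session_id
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                    # compression: null only
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS10 + struct.pack("!H", len(handshake)) + handshake


def classify_server_response(data):
    """Classify the first TLS record a server returned for build_client_hello().

    Returns (verdict, detail): ("vulnerable", suite_name) if the server selected one of
    the offered RSA_EXPORT suites, ("not_vulnerable", alert_info) if it sent an alert,
    ("unknown", reason) for anything else, e.g. a truncated or non-TLS reply.
    """
    if len(data) < 5:
        return "unknown", "short read: no complete record header"
    rec_type = data[0]
    rec_len = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + rec_len]
    if rec_type == RECORD_ALERT:
        if len(payload) < 2:
            return "unknown", "truncated alert"
        return "not_vulnerable", f"alert level={payload[0]} description={payload[1]}"
    if rec_type != RECORD_HANDSHAKE or len(payload) < 4 or payload[0] != SERVER_HELLO:
        return "unknown", f"unexpected record type 0x{rec_type:02x}"
    hello = payload[4:]           # skip handshake type (1) and length (3)
    # ServerHello: version(2) random(32) session_id_len(1) session_id cipher_suite(2) ...
    if len(hello) < 35:
        return "unknown", "truncated ServerHello"
    offset = 35 + hello[34]
    if len(hello) < offset + 2:
        return "unknown", "truncated ServerHello"
    chosen = struct.unpack("!H", hello[offset:offset + 2])[0]
    if chosen in RSA_EXPORT_SUITES:
        return "vulnerable", RSA_EXPORT_SUITES[chosen]
    return "unknown", f"server chose 0x{chosen:04x}, which was not offered"


def probe_host(host, port=443, timeout=5.0):
    """Send the export-only ClientHello to a live server (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return classify_server_response(sock.recv(4096))


# Constructed sample replies so the classifier can be exercised offline.
def _constructed_server_hello(suite):
    body = TLS10 + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS10 + struct.pack("!H", len(handshake)) + handshake


SAMPLE_VULNERABLE_REPLY = _constructed_server_hello(0x0003)
SAMPLE_REFUSAL_REPLY = bytes([RECORD_ALERT]) + TLS10 + b"\x00\x02" + bytes([2, HANDSHAKE_FAILURE])

if __name__ == "__main__":
    for label, reply in (("vulnerable server", SAMPLE_VULNERABLE_REPLY),
                         ("hardened server", SAMPLE_REFUSAL_REPLY)):
        print(label, "->", classify_server_response(reply))
```

A server that answers "unknown" because it chose a suite that was never offered is itself misbehaving and should be inspected by hand. The same test can be run from the command line with an OpenSSL 1.0.x build that still contains the export suites: openssl s_client -connect host:443 -cipher 'EXPORT'; a hardened server fails the handshake, a vulnerable one prints the negotiated export suite.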
Background (From CVE Project)
CVE-2015-0204
Published: March 3, 2015
CVSS Severity: 5.0
Impact
Servers that accept RSA_EXPORT cipher suites put their users at risk from FREAK.
FREAK – Factoring Attack on RSA-Export Keys / Rev. 03, updated: 30-Mar-15
Owner: Serviceability
Effective Date: 20-Mar-15
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:

Product                                          Vulnerable
ExtremeXOS (all products)                        Yes (See Impact Details)
A, B, C, D, G, I, and 800 Series Fixed Switches  No
ExtremeWare                                      Investigating
IDS/IPS                                          No
IdentiFi Wireless                                Yes (See Impact Details)
NAC                                              Yes (See Impact Details)
NetSight                                         No
Purview                                          No
Ridgeline                                        Investigating
Router N, K, SSA, and S Modular Switches         No
Security Information & Event Manager             Investigating
Summit WM3000 Series                             Investigating
X-Series Secure Core Router                      Investigating
XSR (X-Pedition Security Router)                 Investigating
Impact Details
ExtremeXOS (all products)
- Vulnerable: Yes
- Vulnerable Component: OpenSSL TLS
- Describe conditions when component vulnerability occurs (why/when/how): whenever the SSL functionality of the
  EXOS SSH server is invoked by an application such as XML or techsupport.
- Product version(s) affected: EXOS currently uses OpenSSL 1.0.1j in all active releases. According to openssl.org,
  CVE-2015-0204 is fixed in OpenSSL 1.0.1k; the later OpenSSL 1.0.1m and 1.0.2a releases also contain the fix.
- Workaround: TBD
- Target Fix Release: TBD
- Target Month for Fix Release: TBD
A, B, C, D, G, I and 800 Series Fixed Switches
- Vulnerable: No
  o The vulnerability applies only to client code based on OpenSSL
ExtremeWare
- Vulnerable: TBD
IDS/IPS
- Vulnerable: No
  o A vulnerable version of OpenSSL is shipped on appliances prior to version 8.3 MR1, but the ciphers used by the
    web server and JMS are limited so as not to include any of the susceptible ciphers.
IdentiFi Wireless
- Vulnerable: Yes (C25, C4110, C5110, C5210, V2110 only)
  o The IdentiFi wireless line of controllers is vulnerable to CVE-2015-0204, although the risk is very small. The
    controller has some SSL clients (such as curl) that do not contain the patch. Since these clients are only used
    to communicate with known file and management servers, the risk of attack is low.
  o The IdentiFi wireless line of controllers includes a web server that can accept requests for export-grade
    cipher suites. Customers can disable the use of export-grade encryption by disabling the "Enable Weak Ciphers"
    option (on the "Secure Connections" page of the controller module of the wireless controller GUI).
- Vulnerable Component: cURL web client
- Describe conditions when component vulnerability occurs (why/when/how): the cURL client is used to transfer some
  files to external web sites. The administrator must configure the controller to push files to the external web
  site and must explicitly configure the web site address. Consequently the risk of MITM is low.
- Product version(s) affected: All minor releases of release 9.0
- Workaround: One option is to temporarily disable Location Batch Reporting on the controller. Alternatively,
  ensure that the server location (where reports are pushed to) has disabled export-grade cipher suites.
- Target Fix Release: 9.21
- Target Month for Fix Release: July 2015
- Vulnerable: No (AP2600, AP3600, AP3700 & AP3800 series only)
  o The IdentiFi wireless line of APs (AP2600 series, AP3600 series, AP3700 series, and AP3800 series) is not
    vulnerable to CVE-2015-0204. None of the currently supported AP models run web servers, so they do not
    contribute to the vulnerability by permitting the use of export-grade ciphers.
NAC
- Vulnerable: Yes (only RADIUS)
  o FREAK is the name given to the OpenSSL issue (CVE-2015-0204); the related SKIP-TLS issue in Java is
    CVE-2014-6593. See https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  o Both versions we ship are vulnerable. OpenSSL is used for NAC's TLS processing for RADIUS, so that is an
    issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only
    allow:
    For the NAC web server (HTTPS):
      SSL_RSA_WITH_RC4_128_MD5
      SSL_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    For JMS:
      TLS_RSA_WITH_AES_128_CBC_SHA
- Vulnerable Component: NAC RADIUS Engine
- Describe conditions when component vulnerability occurs (why/when/how): RADIUS EAP-TLS, PEAP and EAP-TTLS use
  the OS default OpenSSL cipher list and are therefore exposed to the OpenSSL vulnerability.
- Product version(s) affected: NAC 4.x, 5.x, 6.x, both 32-bit and 64-bit appliances
- Workaround: N/A
- Target Fix Release: OpenSSL and Java will be updated in 6.3
- Target Month for Fix Release: 6.3 Early Access is slated for the end of July
NetSight
- Vulnerable: No
  o FREAK is the name given to the OpenSSL issue (CVE-2015-0204); the related SKIP-TLS issue in Java is
    CVE-2014-6593. See https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  o Both versions we ship are vulnerable. OpenSSL is not used for the NetSight web server, so that is not an
    issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only
    allow:
    For the NetSight web server (HTTPS):
      SSL_RSA_WITH_RC4_128_MD5
      SSL_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    For JMS:
      TLS_RSA_WITH_AES_128_CBC_SHA
Purview
- Vulnerable: No
  o FREAK is the name given to the OpenSSL issue (CVE-2015-0204); the related SKIP-TLS issue in Java is
    CVE-2014-6593. See https://www.nccgroup.com/en/blog/2015/03/smack-skip-tls-and-freak-ssltls-vulnerabilities/
  o Both versions we ship are vulnerable. OpenSSL is not used for the Purview web server, so that is not an
    issue. Java is used for the web server SSL socket and JMS SSL socket, but we lock down the ciphers to only
    allow:
    For the Purview web server (HTTPS):
      SSL_RSA_WITH_RC4_128_MD5
      SSL_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    For JMS:
      TLS_RSA_WITH_AES_128_CBC_SHA
Ridgeline
- Vulnerable: TBD
Router N, K, SSA, and S Modular Switches
- Vulnerable: No
  o Does not use SSL
Security Information & Event Manager
- Vulnerable: TBD
Summit WM3000 Series
- Vulnerable: TBD
X-Series Secure Core Router
- Vulnerable: TBD
XSR (X-Pedition Security Router)
- Vulnerable: TBD
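The locked-down Java cipher lists quoted for NAC, NetSight and Purview above can be checked mechanically rather than by eye. The following audit is an added example, not code from this notice or from Extreme Networks. The suite lists embedded in it are copied from the notice; the "open" list is constructed for contrast, and the finding categories are the example's own. It goes a step beyond the FREAK check: besides export-grade suites it also flags RC4 and HMAC-MD5 suites, which do not enable FREAK but were already deprecated when this notice was written (RC4 is prohibited by RFC 7465, February 2015).

```python
"""Audit a JSSE-style cipher-suite allow-list for export-grade and other legacy suites.

Added example; not code from the notice or from Extreme Networks. The finding
categories and the contrasting "open" list below are the example's own.
"""
import re

# Allow-lists as quoted in the notice for the NAC/NetSight/Purview web servers and JMS.
WEB_SERVER_SUITES = [
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
]
JMS_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA"]

# Constructed for contrast: the same web list with two export suites left enabled.
CONSTRUCTED_OPEN_LIST = WEB_SERVER_SUITES + [
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
]

# (finding id, pattern on the suite name, why it matters). Order is the report order.
FINDINGS = [
    ("export", re.compile(r"_EXPORT(1024)?_"), "export-grade key exchange: FREAK downgrade target"),
    ("rc4", re.compile(r"_RC4_"), "RC4 stream cipher, prohibited by RFC 7465"),
    ("md5", re.compile(r"_MD5$"), "HMAC-MD5 record integrity"),
    ("single_des", re.compile(r"_DES_CBC_"), "single DES (56-bit key)"),
    ("null", re.compile(r"_NULL_"), "no encryption"),
    ("anon", re.compile(r"_anon_"), "unauthenticated key exchange"),
]


def audit_cipher_list(suites):
    """Return {suite_name: [finding ids]} for every suite that matched at least one finding."""
    report = {}
    for name in suites:
        hits = [fid for fid, pattern, _ in FINDINGS if pattern.search(name)]
        if hits:
            report[name] = hits
    return report


def freak_exposed(suites):
    """True if any allowed suite would let a MITM complete a FREAK downgrade."""
    return any("export" in hits for hits in audit_cipher_list(suites).values())


def explain(suites):
    """Human-readable lines: one per flagged suite, with the reason for each finding."""
    reasons = {fid: why for fid, _, why in FINDINGS}
    return [f"{name}: " + "; ".join(reasons[h] for h in hits)
            for name, hits in audit_cipher_list(suites).items()]


if __name__ == "__main__":
    for label, suites in (("web server", WEB_SERVER_SUITES), ("JMS", JMS_SUITES),
                          ("constructed open list", CONSTRUCTED_OPEN_LIST)):
        print(f"{label}: FREAK exposed = {freak_exposed(suites)}")
        for line in explain(suites):
            print("  " + line)
```

Run against the lists in the notice, the audit agrees with the vendor's conclusion that neither the web server nor JMS list contains an export suite, and it also shows the two RC4 entries and the MD5 entry that a later hardening pass would remove.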
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the
computer network and how the local IT team wants to address the situation. Accordingly, in addition to
updating the software as recommended in this document, the local IT team will need to analyze and address
the situation in a manner that it determines will best address the set-up of its computer network.
Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest
releases from Extreme Networks including those listed above.
Firmware and software can be downloaded from www.extremenetworks.com/support.
Additional Information
- https://freakattack.com/
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or
warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use.
Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme
Networks reserves the right to change or update this document at any time, and expects to update this
document as new information becomes available. The information provided herein is applicable to current
Extreme Networks products identified herein and is not intended to be any representation of future functionality
or compatibility with any third-party technologies referenced herein. This notice shall not change any contract
or agreement that you have entered into with Extreme Networks.
Revision History
Rev. No.   Date Modified   Description / Milestone
1.0        20-Mar-15       First release
2.0        23-Mar-15       Update NAC, NetSight, Purview, Router N, K, SSA
3.0        23-Mar-15       EXOS
4.0        29-Mar-15       Update NAC Target Fix Release and Target Month