Hi There,
Currently, we are working on remediating the vulnerabilities for the Formwork USB Device and provided below is the security vulnerability details for 2 USB network hubs that we currently working on.
The Qualys report suggesting to update the server and also disable RSA key exchange ciphers, could you please help us by providing the related info/support to remediate the server?
Please let me know if you need any more details.
Mitigation:
- Update your server, the patches are released by most of the vendors.
- Disable RSA key exchange ciphers.
Note: The server should support forward secrecy. (check Forward secrecy field on SSL Labs results page). Enable DHE/ECDHE ciphers (prefer ECDHE).
Formworks USB device Vulnerabilities:
SEV - 4
Solution - For updates refer to the robot advisory ROBOT (https://robotattack.org/)
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ROBOT (https://robotattack.org/)
Results:
The TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions.To detect this the vulnerable ciphers should be disabled.
Steps for disabling the vulnerable ciphers (https://qualys.secure.force.com/articles/How_To/000002963 )
Thanks,
Madhu Reddy