Hello, is anyone familiar enough with the Meraki internals to tell me if the MX devices are vulnerable to the newly discovered TPM-FAIL side channel attack? It's a timing attack against Intel's fTPM software-based TPM solution (CVE-2019-11090) and STMicroelectronics' ST33 TPM chip (CVE-2019-16863) that allows an attacker to guess the 256-bit private keys based on elliptic curve 25519, purely based on the response time from the VPN device to clients.
Here is an article about the vulnerabilities.
I would contact support regarding this issue.
Meraki does post some stuff like this here:
https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/
But not everything always goes there. Usually when Cisco discloses lately they include Meraki in those announcements. I don't see anything from Cisco announced yet.
So for now @Nash has it right, contact support if you need an answer sooner rather than later.
>elliptic curve
I would be surprised if Meraki used elliptic curve algorithms. Meraki don't tend to use "newer" encryption algorithms. I used the word "newer" very loosely. It's not that new.
I contacted Meraki Support, as @Nash recommended, and received the following good news.
Good morning,
Thanks for contacting Cisco Meraki Support! I would be happy to assist you with this.
We do not use either of those chips, so the MX devices are not vulnerable to the attack.