Meraki

Community

Meraki MX vulnerable to TPM-FAIL side channel attack?

Solved
Austin
Here to help
‎Nov 13 2019 4:49 AM
‎Nov 13 2019 4:49 AM

Meraki MX vulnerable to TPM-FAIL side channel attack?

Hello, is anyone familiar enough with the Meraki internals to tell me if the MX devices are vulnerable to the newly discovered TPM-FAIL side channel attack? It's a timing attack against Intel's fTPM software-based TPM solution (CVE-2019-11090) and STMicroelectronics' ST33 TPM chip (CVE-2019-16863) that allows an attacker to guess the 256-bit private keys based on elliptic curve 25519, purely based on the response time from VPN device to clients. 

 

Here is an article about the vulnerabilities. 

1 Accepted Solution
Nash
Kind of a big deal
‎Nov 13 2019 7:05 AM
‎Nov 13 2019 7:05 AM

I would contact support regarding this issue.

Windows 10 Client VPN scripts: Makes life better!

View solution in original post

5 Replies 5
Nash
Kind of a big deal
‎Nov 13 2019 7:05 AM
‎Nov 13 2019 7:05 AM

I would contact support regarding this issue.

Windows 10 Client VPN scripts: Makes life better!
In response to Nash
jdsilva
Kind of a big deal
‎Nov 13 2019 7:30 AM
‎Nov 13 2019 7:30 AM

Meraki does post some stuff like this here:

 

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

 

But not everything always goes there. Usually when Cisco discloses lately they include Meraki in those announcements. I don't see anything from Cisco announced yet. 

 

So for now @Nash has it right, contact support if you need an answer sooner rather than later. 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 14 2019 2:27 AM
‎Nov 14 2019 2:27 AM

>elliptic curve 

 

I would be surprised if Meraki used elliptic curve algorithyms.  Meraki don't tend to use "newer" encryption algorithyms.  I used the word "newer" very loosly.  It's not that new.

0 Kudos
In response to jdsilva
Austin
Here to help
‎Nov 14 2019 4:39 AM
‎Nov 14 2019 4:39 AM

Hello @jdsilva, that's a great resource. Thanks for pointing it out. 

0 Kudos
Austin
Here to help
‎Nov 14 2019 7:38 AM
‎Nov 14 2019 7:38 AM

I contacted Meraki Support, as @Nash recommended, and received the following good news.

 

Good morning,

Thanks for contacting Cisco Meraki Support!  I would be happy to assist you with this.

We do not use either of those chips, so the MX devices are not vulnerable to the attack. 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.