
The Qualys report suggesting to update the server and also disable RSA key exchange ciphers for Remediation

0 votes
Hi There,

Currently, we are working on remediating the vulnerabilities for the Formwork USB Device, and provided below are the security vulnerability details for 2 USB network hubs that we are currently working on.
The Qualys report suggests updating the server and also disabling RSA key exchange ciphers. Could you please help us by providing the related info/support to remediate the server?
Please let me know if you need any more details.

Mitigation:
1. Update your server, the patches are released by most of the vendors.
2. Disable RSA key exchange ciphers.
Note: The server should support forward secrecy. (check Forward secrecy field on SSL Labs results page). Enable DHE/ECDHE ciphers (prefer ECDHE).

Formworks USB device Vulnerabilities:
SEV - 4
Solution - For updates refer to the robot advisory ROBOT (https://robotattack.org/)

Patch:
Following are links for downloading patches to fix the vulnerabilities:
ROBOT (https://robotattack.org/)

Results:
The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. To detect this the vulnerable ciphers should be disabled.

Steps for disabling the vulnerable ciphers (https://qualys.secure.force.com/articles/How_To/000002963)

Thanks,
Madhu Reddy
asked Sep 4, 2020 in USB by Madhu Reddy New to the Community (0 points)
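
To confirm the two mitigation steps quoted in the question after a firmware or configuration change, the following added example (not part of the original thread, and not Digi or Qualys tooling) offers the device only RSA key exchange suites, then only ECDHE suites, and reports which it accepts. It uses Python's standard `ssl` module with the OpenSSL selectors `kRSA` and `ECDHE`; the function names are hypothetical, and the host and port come from the command line.

```python
import socket
import ssl
import sys


def local_suites(selector, kea):
    """Suites the local OpenSSL offers for `selector`, filtered by key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(selector)
    except ssl.SSLError:            # this OpenSSL build has no matching suites
        return []
    return [c["name"] for c in ctx.get_ciphers() if c.get("kea") == kea]


def negotiate(host, port, selector, timeout=5.0):
    """Offer only `selector` suites; return the accepted suite name or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # checking cipher policy, not certificate trust
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 has no RSA key exchange
    ctx.set_ciphers(selector)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionResetError):
            return None             # server refused every suite we offered


def verdict(rsa_suite, ecdhe_suite):
    """Map the two probe results onto the report's two mitigation steps."""
    if rsa_suite:
        return "FAIL: RSA key exchange still accepted (%s)" % rsa_suite
    if not ecdhe_suite:
        return "WARN: RSA key exchange refused, but no ECDHE suite accepted"
    return "PASS: RSA key exchange refused, ECDHE accepted (%s)" % ecdhe_suite


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # your own device's address and TLS port
    print("RSA key-exchange suites offered:", ", ".join(local_suites("kRSA", "kx-rsa")))
    print(verdict(negotiate(host, port, "kRSA"), negotiate(host, port, "ECDHE")))
```

A FAIL here means the "disable RSA key exchange ciphers" step has not taken effect; it does not by itself show that the ROBOT oracle is present, so a Qualys rescan remains the authoritative check.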


1 Answer

0 votes
I would suggest contacting Digi Technical Support for help with this. Most likely there is a firmware update or new certs you can install that address it.

tech.support@digi.com
answered Sep 4, 2020 by mvut Veteran of the Digi Community (14,578 points)