AUSCERT External Security Bulletin Redistribution
Identifying and Mitigating Security Exposures When Using No Payload
Encryption Images with Existing Cryptographic Configuration
19 January 2023
AusCERT Security Bulletin Summary
Product: Cisco IOS Software
IOS XE Software
Publisher: Cisco Systems
Operating System: Cisco
Comment: CVSS (Max): None available when published
--------------------------BEGIN INCLUDED TEXT--------------------
Identifying and Mitigating Security Exposures When Using No Payload Encryption
Images with Existing Cryptographic Configuration
Advisory ID: cisco-sa-npe-hardening-Dkel83jP
First Published: 2023 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco IOS Software and Cisco IOS XE Software images come in two types: the
regular universalk9 image and the No Payload Encryption (NPE)
universalk9_npe image. NPE images were introduced to satisfy import
requirements in some countries that require that the platform does not
support strong payload cryptography. As such, NPE images lack support for
certain cryptographic features, most notably IPsec VPN and Secure Unified
As a result, when running an NPE image, the CLI parser no longer supports
commands that are related to those features. When such commands are entered
on the CLI, the parser responds with an error message that includes the
invalid command. This is the expected behavior, but under some
circumstances this could lead to a leak of cryptographic configuration
The following sequence of events can lead to such a leak:
1. The device is booted and loads a universalk9 image. The device is then
configured with one or more features that require configuring secrets
or key material.
2. The image on the device is replaced by a universalk9_npe image and
rebooted without removing the secrets or key material that was
The software then parses the existing configuration commands in the
startup-config but does not recognize the commands that belong to the
configured strong payload cryptography features, and it prints the
corresponding error message to the console. In certain scenarios, these
error messages may include confidential information such as Internet Key
Exchange (IKE) pre-shared keys.
This advisory is available at the following link:
Vulnerable Products
At the time of publication, this issue affected Cisco products if they were
running Cisco IOS Software or Cisco IOS XE Software and had a strong
payload cryptography feature enabled. Strong payload cryptography features
include the following:
Internet Protocol Security (IPsec) VPN
Media Access Control Security (MACsec)
Secure StackWise Virtual
Secure Unified Communications
Wireless Personal Area Network (WPAN)
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this issue.
To prevent the leaking of confidential information such as IKE pre-shared
keys, Cisco recommends that customers take all of the following precautions:
Be mindful of which type of image is copied onto a device. Do not store
NPE images on devices that use strong payload cryptography features.
Enable strong encryption (Type 6) if the device will be storing any
credentials whose plaintext value the device needs for normal operation.
Enable strong hashing algorithms (Type 8 or Type 9) for non-recoverable
passwords and keys.
Enable the No Service Password-Recovery feature to prevent unauthorized
users who have physical access to the device from loading an NPE image
from an external resource.
Should it become necessary to replace a regular universalk9 image with
an NPE image on a given device, either remove any cryptographic-related
configuration commands before restarting the device or completely
remove the startup configuration and reconfigure the device from
Enable Strong Encryption and Hashing Algorithms for Passwords and Keys
Cisco IOS Software and Cisco IOS XE Software can be configured to use an
Advanced Encryption Standard (AES) symmetric cipher to encrypt sensitive
passwords and keys whose actual value is required during operation. Cisco
IOS Software and Cisco IOS XE Software call this the Type 6 format. It uses
a user-defined master key that is not stored in the router configuration
and cannot be seen or obtained in any way while connected to the router.
For more information, including configuration steps and examples, see the
Configuring Type 6 Passwords in IOS XE
Configure the Encrypt Pre-shared Keys in Cisco IOS Router
Internet Key Exchange for IPsec VPNs Configuration Guide
Type 8 and Type 9
Type 8 passwords are stored as a PBKDF2-SHA-256 hash; Type 9 passwords are
stored as an scrypt hash. Type 8 and Type 9 passwords have been supported
since Cisco IOS Software Release 15.3(3)M3 and are not reversible. In Cisco
IOS XE Software releases 16.10.1 and later, Type 9 is the default for
hashed passwords and secrets.
To enforce Type 8 passwords, specify algorithm-type sha256. To enforce Type
9 passwords, specify algorithm-type scrypt. For more information, see the
enable algorithm-type section or the password algorithm-type section of the
Cisco IOS Security Command Reference.
Enable the No Service Password-Recovery Feature
The No Service Password-Recovery feature is a security enhancement that
prevents anyone with console access from accessing the router configuration
and clearing the password. It also prevents anyone from changing the
configuration register values and accessing NVRAM.
The No Service Password-Recovery feature is important in regards to the
issue that is described in this advisory because it also prevents anyone
with console access from breaking into ROMMON during bootup. With ROMMON
access, an attacker could load an NPE image from an external source like a
TFTP server or a USB drive to force the error condition even if no NPE
image exists on the device flash.
For instructions on how to enable the No Service Password-Recovery feature,
see the User Security Configuration Guide, Cisco IOS Release 15 M and T.
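The precautions above amount to a pre-swap check of the saved configuration. The following Python audit is an added example, not a Cisco tool or part of the advisory: it runs over a constructed startup-config, lists the strong-payload-cryptography key commands that are not in Type 6 form (the lines an NPE image's parser would echo in its error message), flags password hashes other than Type 8 or Type 9, and checks whether `password encryption aes` and `no service password-recovery` are present. Command syntax is assumed from the IOS CLI; all hash and key values are constructed placeholders.

```python
import re

# Constructed sample startup-config (not from the advisory): one IKEv1
# pre-shared key left in plaintext, one IKEv2 key already in Type 6 form,
# a Type 5 enable secret, and neither Type 6 nor the password-recovery lockout.
SAMPLE_CONFIG = """\
version 17.3
service password-encryption
enable secret 5 $1$abcd$constructedMD5hashvalue
username admin privilege 15 secret 9 $9$constructedScryptHash
crypto isakmp policy 10
crypto isakmp key ConstructedPlaintextPsk address 192.0.2.10
crypto ikev2 keyring KR1
 peer branch
  pre-shared-key 6 ConstructedType6Ciphertext
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
"""

# Command prefixes of strong-payload-cryptography features: an NPE image's
# parser rejects these lines and echoes them in its error message.
NPE_REJECTED = ("crypto isakmp", "crypto ikev2", "crypto ipsec", "crypto map",
                "mka ", "macsec")
# Key-carrying commands; group 2 is the encoding type ('0', '6', '7', or
# absent, meaning plaintext). The key value itself is deliberately not captured.
KEY_RE = re.compile(r"^\s*(crypto isakmp key|pre-shared-key(?: local| remote)?)"
                    r"\s+(?:(\d)\s+)?\S")
HASH_RE = re.compile(r"^\s*(?:enable secret|username \S+.*?\bsecret)\s+(\d)\s")


def audit_config(text):
    """Flag what an NPE boot would leak and which advisory precautions are missing."""
    lines = text.splitlines()
    report = {
        "exposed_keys": [],        # (line number, command) for non-Type-6 keys
        "weak_hash_types": [],     # (line number, type) for anything but Type 8/9
        # 'password encryption aes' is in the config; the Type 6 master key is not
        "type6_enabled": "password encryption aes" in lines,
        "no_service_password_recovery": "no service password-recovery" in lines,
    }
    block = ""   # enclosing top-level command for indented sub-mode lines
    for n, line in enumerate(lines, 1):
        if not line.startswith(" "):
            block = line
        m = KEY_RE.match(line)
        if m and block.startswith(NPE_REJECTED) and m.group(2) != "6":
            report["exposed_keys"].append((n, m.group(1)))
        h = HASH_RE.match(line)
        if h and h.group(1) not in ("8", "9"):
            report["weak_hash_types"].append((n, h.group(1)))
    return report
```

Run `audit_config` over a config pulled from the device before any image change; an empty `exposed_keys` list with both booleans true means the advisory's precautions are in place.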
Cisco would like to thank Daniel Szameitat of E.ON Pentesting for reporting
Cisco Security Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Subscribe to Cisco Security Notifications
Related to This Advisory
| Version | Description | Section | Status | Date |
| 1.0 | Initial public release. | - | Final | 2023-JAN-18 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.
--------------------------END INCLUDED TEXT--------------------
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland