CVE-2020-36363 : Security Advisory and Response

Amazon AWS CloudFront TLSv1.2_2019 allows weak ciphers TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.

Understanding CVE-2020-36363

This CVE involves the use of weak ciphers in Amazon AWS CloudFront TLSv1.2_2019, potentially exposing systems to security risks.

What is CVE-2020-36363?

Amazon AWS CloudFront TLSv1.2_2019 permits the use of weak ciphers, specifically TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which are considered vulnerable by some entities.

The Impact of CVE-2020-36363

The presence of weak ciphers in the CloudFront TLSv1.2_2019 configuration can lead to security vulnerabilities, potentially enabling attackers to exploit the system.

Technical Details of CVE-2020-36363

Amazon AWS CloudFront TLSv1.2_2019 vulnerability details.

Vulnerability Description

The vulnerability allows the use of weak ciphers TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 in CloudFront TLSv1.2_2019.

Affected Systems and Versions

Product: Not applicable
Vendor: Not applicable
Versions: Not applicable

Exploitation Mechanism

Attackers could potentially exploit the weak ciphers to intercept and decrypt sensitive data transmitted over the affected systems.

Mitigation and Prevention

Steps to address and prevent the CVE-2020-36363 vulnerability.

Immediate Steps to Take

Disable the use of weak ciphers in the CloudFront TLSv1.2_2019 configuration.
Monitor for any unauthorized access or unusual activities on the system.

Long-Term Security Practices

Regularly update and patch the system to ensure the latest security measures are in place.
Implement strong encryption protocols and regularly review and update security configurations.

Patching and Updates

Apply patches or updates provided by Amazon AWS to address the vulnerability.