
Cisco Bug: CSCuw41120 - IOS PKI: Temp Self-signed sequence number encoded as signed integer

Last Modified

Feb 15, 2019

Products (95)

  • Cisco IOS
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 898 Secure G.SHDSL EFM/ATM with Multi-Mode 4G LTE ISR Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router

Known Affected Releases


Description (partial)

When IOS performs renewal using a temporary self-signed certificate (i.e. when the CA does not advertise the Renewal capability):
- Each poll/retry generates a new temporary self-signed certificate, which is in turn used to sign the PKCS#7 message (the SignedData that wraps the EnvelopedData) sent to the CA.
- When the sequence (serial) number of this temporary certificate exceeds 127 (binary 01111111, hex 0x7F), the most significant bit of the first content byte becomes 1. DER INTEGER contents are big-endian two's complement, so a leading 0x00 byte must be prepended to keep the value non-negative. IOS currently omits this byte, and the number is therefore encoded as a negative integer.

While sending GetCertInitial messages, the sequence number is thus encoded as a signed (negative) integer. Third-party, RFC-compliant CAs respond with a CertRep message in which the same number is encoded correctly as an unsigned (positive) integer, in the RecipientInfo of the PKCS#7 EnvelopedData. Because that encoding no longer matches the one IOS produced, IOS may fail to read the PKCS#7 EnvelopedData.

This occurs when an IOS PKI client is configured to auto-enroll (renew) with a CA that does not support the Renewal capability.
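The following is an added example, not Cisco code and not part of the bug record: it encodes a certificate sequence (serial) number as a DER INTEGER both correctly and in the defective way the description implies (no leading 0x00 byte once the value passes 0x7F), decodes the result the way an RFC-compliant peer would, and simulates the byte-for-byte RecipientInfo comparison that the mismatch breaks. The function names and the simulated comparison are assumptions made for illustration; serial values used below are constructed.

```python
# Added example (not Cisco code): DER INTEGER encoding of a certificate
# serial/sequence number, showing why a value above 0x7F needs a leading
# 0x00 byte and what an RFC-compliant peer reads when it is omitted.


def der_int(n: int, pad_high_bit: bool = True) -> bytes:
    """Encode a non-negative integer as a short-form DER INTEGER (tag 0x02).

    DER INTEGER contents are big-endian two's complement, minimal length.
    If the top bit of the first content byte is 1 the value is negative, so a
    non-negative value such as 0x80 must be prefixed with 0x00.
    pad_high_bit=False reproduces the defective encoding the bug describes.
    """
    if n < 0:
        raise ValueError("certificate serial numbers are non-negative")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if pad_high_bit and body[0] & 0x80:
        body = b"\x00" + body
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x02, len(body)]) + body


def der_int_decode(der: bytes) -> int:
    """Decode a short-form DER INTEGER as a compliant peer would: contents are
    signed two's complement, so a missing 0x00 pad turns 0x80 into -128."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("bad or long-form length")
    return int.from_bytes(der[2:], "big", signed=True)


def first_misencoded_serial(pad_high_bit: bool, limit: int = 1000):
    """Return the first serial in 1..limit that does not round-trip through
    encode/decode, or None if every serial in range round-trips."""
    for serial in range(1, limit + 1):
        if der_int_decode(der_int(serial, pad_high_bit)) != serial:
            return serial
    return None


def recipient_matches(client_serial: int, ca_serial_der: bytes,
                      pad_high_bit: bool) -> bool:
    """Simulated (hypothetical) client-side check: compare the serial the CA
    placed in the CertRep RecipientInfo (correctly encoded) with the client's
    own encoding of the temp self-signed cert's serial. A byte-for-byte
    comparison fails as soon as the client drops the 0x00 pad byte."""
    return der_int(client_serial, pad_high_bit) == ca_serial_der


if __name__ == "__main__":
    # Constructed serial values around the 0x7F boundary.
    for serial in (1, 127, 128, 255, 256):
        good = der_int(serial)
        bad = der_int(serial, pad_high_bit=False)
        print(f"{serial:4d}: correct {good.hex()}  buggy {bad.hex()} "
              f"-> peer reads {der_int_decode(bad)}")
    print("first serial the buggy encoder breaks:",
          first_misencoded_serial(False))
```

Serials 1 through 127 encode identically either way, which is why the problem only shows up after enough polls/retries have consumed the low serials; from 128 onward the defective encoding decodes as a negative number, and a CA that encodes the same serial correctly (02 02 00 80) will never produce bytes that match the client's 02 01 80.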