{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/cocos-ai/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Cocos AI"],"_cs_severities":["high"],"_cs_tags":["vulnerability","relay attack","attested TLS","Cocos AI"],"_cs_type":"advisory","_cs_vendors":["Cocos AI"],"content_html":"\u003cp\u003eCocos AI is a confidential computing system for AI that utilizes attested TLS (aTLS). A critical relay attack vulnerability, identified as CVE-2026-33697, has been discovered in the aTLS implementation affecting versions v0.4.0 through v0.8.2. This vulnerability impacts both AMD SEV-SNP and Intel TDX deployment targets. An attacker who successfully extracts the ephemeral TLS private key during the handshake can relay or divert the attested TLS session. This allows the attacker to impersonate a genuine CoCoS service, potentially gaining unauthorized access to data or operations intended for the legitimate endpoint. Exploitation necessitates extracting the ephemeral TLS private key, achievable through physical access to the server hardware, transient execution attacks, or side-channel attacks. The aTLS implementation was redesigned in v0.7.0, but this redesign did not address the underlying architectural vulnerability. Currently, there is no patch available or complete workaround, posing a significant risk to deployments of Cocos AI.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Compromise:\u003c/strong\u003e The attacker gains physical access to the server hardware or leverages transient execution attacks or side-channel attacks to target the Cocos AI environment.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEphemeral Key Extraction:\u003c/strong\u003e The attacker successfully extracts the ephemeral TLS private key used during the aTLS handshake process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTLS Session Interception:\u003c/strong\u003e The attacker intercepts the initial TLS handshake between a client and a legitimate Cocos AI service.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelay/Divert Attestation:\u003c/strong\u003e Using the extracted ephemeral key, the attacker relays or diverts the attested TLS session to a malicious endpoint controlled by the attacker.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpersonation:\u003c/strong\u003e The attacker's malicious endpoint presents the stolen attestation evidence to the client, impersonating the legitimate Cocos AI service.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eClient Connection:\u003c/strong\u003e The client, falsely believing it is communicating with the genuine service, establishes a connection with the attacker's endpoint.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration/Manipulation:\u003c/strong\u003e The attacker gains unauthorized access to data or operations intended for the legitimate service, potentially exfiltrating sensitive information or manipulating AI processes.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMaintain Persistence:\u003c/strong\u003e The attacker may attempt to maintain a persistent presence within the compromised environment for continued access or further exploitation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33697 allows an attacker to impersonate an attested Cocos AI service, potentially leading to unauthorized access to sensitive data and critical AI operations. This can compromise the confidentiality and integrity of AI models and data processed by Cocos AI. Since the exact deployment numbers are unknown, it's difficult to assess the full scope, but this vulnerability represents a significant risk for any organization using Cocos AI within their infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available hardening measures such as keeping TEE firmware and microcode up to date to reduce the key-extraction surface as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eDefine strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers as noted in the overview.\u003c/li\u003e\n\u003cli\u003eEnable mutual aTLS with CA-signed certificates where deployment architecture permits to mitigate the vulnerability as suggested in the overview.\u003c/li\u003e\n\u003cli\u003eMonitor for unusual network activity originating from Cocos AI servers that may indicate TLS session relaying, using a network monitoring tool.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T14:30:00Z","date_published":"2024-01-03T14:30:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-cocos-ai-relay-attack/","summary":"A relay attack vulnerability, tracked as CVE-2026-33697, exists in the attested TLS (aTLS) implementation of Cocos AI, versions v0.4.0 through v0.8.2, allowing attackers to impersonate a legitimate service and potentially access sensitive data.","title":"Cocos AI Attested TLS Relay Attack Vulnerability (CVE-2026-33697)","url":"https://feed.craftedsignal.io/briefs/2024-01-cocos-ai-relay-attack/"}],"language":"en","title":"CraftedSignal Threat Feed - Cocos AI","version":"https://jsonfeed.org/version/1.1"}