Cocos AI Attested TLS Relay Attack Vulnerability

Vulnerability

A relay attack vulnerability has been identified in the attested TLS (aTLS) implementation of Cocos AI, affecting all versions from v0.4.0 up to, but not including, v0.8.2. The vulnerability exists in both the AMD SEV-SNP and Intel TDX deployment targets supported by Cocos AI. The issue arises because an attacker can extract the ephemeral TLS private key used during the intra-handshake attestation. Since the attestation evidence is linked to the ephemeral key but not to the TLS channel, possession of that key allows the attacker to relay or divert the attested TLS session. As a result, a client may mistakenly believe it is communicating with a genuine attested endpoint, which undermines the authentication guarantees of attested TLS. This could enable an attacker to impersonate an attested Cocos service and access data or operations intended for the authentic endpoint. Exploitation requires extracting the ephemeral TLS private key, which can be achieved through physical access to the server hardware, transient execution attacks, or side-channel attacks.
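The difference between evidence linked to the key and evidence linked to the channel can be seen in a simplified verifier model. This is an added example, not Cocos AI code: the Evidence type, the function names, the channel-bound variant and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/sha512"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Evidence models only the 64-byte report-data field that the TEE signs.
type Evidence struct{ ReportData [64]byte }

// bindKeyOnly: evidence linked to the ephemeral TLS public key alone.
func bindKeyOnly(pubKey []byte) [64]byte { return sha512.Sum512(pubKey) }

// bindKeyAndChannel (hypothetical) also hashes a value unique to one TLS
// connection; length prefixes keep the two inputs unambiguous.
func bindKeyAndChannel(pubKey, channel []byte) [64]byte {
	h := sha512.New()
	for _, part := range [][]byte{pubKey, channel} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	var out [64]byte
	copy(out[:], h.Sum(nil))
	return out
}

func equal(a, b [64]byte) bool { return subtle.ConstantTimeCompare(a[:], b[:]) == 1 }

// verifyKeyOnly has no channel input, so its verdict is the same on every
// connection on which the peer proves possession of that key.
func verifyKeyOnly(ev Evidence, peerKey []byte) bool {
	return equal(ev.ReportData, bindKeyOnly(peerKey))
}

// verifyChannelBound recomputes the binding from the client's own connection.
func verifyChannelBound(ev Evidence, peerKey, localChannel []byte) bool {
	return equal(ev.ReportData, bindKeyAndChannel(peerKey, localChannel))
}

func main() {
	key := []byte("constructed-ephemeral-pubkey") // constructed sample values
	chanA, chanB := []byte("constructed-channel-A"), []byte("constructed-channel-B")
	evK, evC := Evidence{bindKeyOnly(key)}, Evidence{bindKeyAndChannel(key, chanA)}
	fmt.Println("key-only, any connection:", verifyKeyOnly(evK, key))
	fmt.Println("channel-bound, same connection:", verifyChannelBound(evC, key, chanA))
	fmt.Println("channel-bound, other connection:", verifyChannelBound(evC, key, chanB))
}
```

In this model the key-only check still rejects evidence presented with a different key, but it cannot tell two connections apart once the same key is used on both.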

Impact

Successful exploitation allows an attacker to impersonate an attested Cocos service, accessing data or operations intended for the genuine endpoint.

Remediation

There is currently no patch available for this vulnerability. However, the following hardening measures can reduce the risk: keep TEE firmware and microcode up to date to minimize the key-extraction surface; define strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers; and enable mutual aTLS with CA-signed certificates where deployment architecture permits.

Added: Mar 27, 2026, 12:21 AM
Updated: Mar 27, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.