The vulnerability in CoCoS's attested TLS implementation arises because the ephemeral TLS private key used during handshake attestation can be extracted by an attacker with physical or side-channel access. Since the attestation evidence is bound to the ephemeral key but not the TLS channel, possession of this key allows an attacker to relay or divert the attested TLS session, causing clients to accept connections under false assumptions about the endpoint's authenticity. This breaks the intended entity authentication in the attested TLS protocol. The issue affects all CoCoS versions from 0.4.0 to 0.8.2, including the redesigned aTLS implementation in v0.7.0, and impacts deployments on AMD SEV-SNP and Intel TDX. The vulnerability has been formally analyzed and verified, with no patch available as of the publication date.

Successful exploitation allows an attacker to impersonate a genuine attested CoCoS service, potentially gaining unauthorized access to data or operations intended only for the authentic endpoint. This compromises confidentiality and integrity of communications relying on attested TLS. The attack requires extraction of ephemeral TLS private keys via physical access or advanced side-channel or transient execution attacks. There is no known exploitation in the wild at this time.

No official patch or complete workaround is currently available for this vulnerability. To reduce risk, it is recommended to keep TEE firmware and microcode up to date to minimize key-extraction attack surfaces; enforce strict attestation policies validating all report fields including firmware versions, TCB levels, and platform configuration registers; and enable mutual attested TLS with CA-signed certificates where the deployment architecture allows. These measures reduce but do not eliminate the risk. Monitor vendor advisories for updates on patch availability.