Symptom:
Cisco DX600 series contains a version of OpenSSL that is affected by the vulnerabilities identified by the
following Common Vulnerability and Exposures (CVE) IDs:

CVE-2013-4353: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS
servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next
Protocol Negotiation record in a TLS handshake.  This has been classified by the vendor as having a CVSS v2
Base Score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2013-6449: The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain
version number from an incorrect data structure, which allows remote attackers to cause a denial of service
(daemon crash) via crafted traffic from a TLS 1.2 client.  This has been classified by the vendor as having a
CVSS v2 Base Score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2013-6450: The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f
does not properly maintain data structures for digest and encryption contexts, which might allow
man-in-the-middle attackers to trigger the use of a different context and cause a denial of service
(application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.  This has
been classified as having a CVSS v2 Base Score of 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A)

This bug was opened to address the potential impact on this product.

Conditions:
Device with default configuration, runing versions prior to this issue to be fixed.