Guest

Preview Tool

Cisco Bug: CSCuo13443 - CVE-2013-6450 OpenSSL Multiple Denial of Service Vulnerabilities

Last Modified

Jan 30, 2020

Products (1)

  • Cisco Wide Area Application Services (WAAS) Appliances

Known Affected Releases

5.4(0)

Description (partial)

Symptoms:

Cisco WAAS includes a version of OpenSSL (1.0.0a with patches) that some scanners may flag as affected by the vulnerabilities identified by the 
following Common Vulnerability and Exposures (CVE) IDs:

CVE-2013-6450 , CVE-2013-6449  and  CVE-2013-4353  

Cisco has analyzed these vulnerabilities and concluded that the product is not impacted.

Conditions:
Not applicable

WAAS is not vulnerable as it doesn'tt support the affected features - TLS 1.2, DTLS and Next Protocol Negotiation.

The code fix applied via this bug was the patch of CVE-2013-6450, given that OpenSSL 1.0.0a has code support for DTLS but the path to this code 
is not reached via any configuration of the WAAS.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.