
Cisco Bug: CSCup22532 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Jun 10, 2020

Products (2)

  • Cisco ASA 5500-X Series Firewalls
  • Cisco ASA 5580 Adaptive Security Appliance

Known Affected Releases

8.0 8.2 8.3 8.4 9.0 9.1 9.2(1)

Description (partial)

Symptom:
The following Cisco products

Cisco Adaptive Security Appliance (ASA) Software v8.0 and later, including: 
    8.0.2 - 8.0.5.39,
    8.1.1 - 8.1.2.56,
    8.2.1 - 8.2.5.49,
    8.3.1 - 8.3.2.40,
    8.4.1 - 8.4.7.20,
    8.5.1 - 8.5.1.20,
    8.6.1 - 8.6.1.13,
    8.7.1 - 8.7.1.11,
    9.0.1 - 9.0.4.13,
    9.1.1 - 9.1.5.7, and
    9.2.1

include a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Cisco has analyzed the following vulnerabilities and concluded that the previously listed products are not impacted:

CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-3470 - Anonymous ECDH denial of service

Conditions:
The Cisco Adaptive Security Appliance (ASA) running software v9.2.1 is vulnerable to CVE-2014-0195 (DTLS invalid fragment vulnerability) only when SSLVPN is enabled and configured to use DTLS. Previous ASA software releases are NOT affected by this vulnerability.

The Cisco Adaptive Security Appliance (ASA) running software v8.0 and later is vulnerable to CVE-2014-0224 - SSL/TLS MITM vulnerability when using the following configurations:

* When SSLVPN is enabled and configured to allow clientless VPN tunnels, OR
* When TLS-proxy is configured (either stand-alone or in conjunction with the phone proxy feature), OR
* When the ASA is configured to join an Active Directory domain using the 'kcd-server' command.

When the ASA is acting as a server (or listener) it is not vulnerable. However, because no tools are available to test the ASA in its client role, Cisco assumes it could be vulnerable in that role. For exploitation, the ASA must be acting as a client connecting to a server that has the SSL vulnerability, and the MITM attacker must be on the network path between the ASA and that server.

Note that "WebVPN" and "SSLVPN" are synonymous.
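The affected-release ranges and the per-CVE conditions above are easy to misread by hand (the 9.2.1 DTLS condition is separate from the three 9.x/8.x CVE-2014-0224 conditions, and the ranges have four-part interim builds). The following script is an added example, not part of the Cisco bug text: it encodes the ranges and conditions exactly as listed above and reports which listed CVEs apply to a given ASA version and feature set. The feature-flag names (`sslvpn_dtls`, `clientless_sslvpn`, `tls_proxy`, `kcd_server`) and the inventory entries are this example's own constructions; a version outside the listed ranges is reported as "no listed condition met", which only means the bug does not list it, not that it is fixed.

```python
"""Check an ASA software version and feature configuration against the affected
ranges and conditions listed in CSCup22532.

Added example: the version ranges and conditions are copied from the bug text;
the feature-flag names and the sample inventory are assumptions of this script."""
import re

# Releases the bug lists as shipping the affected OpenSSL (inclusive bounds).
CVE_2014_0224_RANGES = [
    ("8.0.2", "8.0.5.39"), ("8.1.1", "8.1.2.56"), ("8.2.1", "8.2.5.49"),
    ("8.3.1", "8.3.2.40"), ("8.4.1", "8.4.7.20"), ("8.5.1", "8.5.1.20"),
    ("8.6.1", "8.6.1.13"), ("8.7.1", "8.7.1.11"), ("9.0.1", "9.0.4.13"),
    ("9.1.1", "9.1.5.7"), ("9.2.1", "9.2.1"),
]
# Per the bug, only 9.2.1 carries the DTLS invalid-fragment issue.
CVE_2014_0195_RANGES = [("9.2.1", "9.2.1")]


def parse_version(text):
    """Turn '9.1.5.7' or the '9.2(1)' notation into a comparable tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError("no version digits in %r" % text)
    return tuple(int(p) for p in parts)


def in_ranges(version, ranges):
    """True if the version falls inside any inclusive (low, high) range.

    Tuple comparison handles interim builds: (9, 1, 5, 8) > (9, 1, 5, 7)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def affected_cves(version, sslvpn_dtls=False, clientless_sslvpn=False,
                  tls_proxy=False, kcd_server=False):
    """Return the CVEs from CSCup22532 whose stated conditions this device meets.

    The flags are assumed names for the bug's conditions: SSLVPN with DTLS for
    CVE-2014-0195; clientless SSLVPN, TLS-proxy, or the 'kcd-server' AD join
    for CVE-2014-0224."""
    hits = []
    if sslvpn_dtls and in_ranges(version, CVE_2014_0195_RANGES):
        hits.append("CVE-2014-0195")
    if (clientless_sslvpn or tls_proxy or kcd_server) and \
            in_ranges(version, CVE_2014_0224_RANGES):
        hits.append("CVE-2014-0224")
    return hits


if __name__ == "__main__":
    # Constructed inventory: (hostname, running version, enabled features).
    inventory = [
        ("asa-edge-1", "9.2(1)", dict(sslvpn_dtls=True, clientless_sslvpn=True)),
        ("asa-core-2", "9.1.5.7", dict(tls_proxy=True)),
        ("asa-lab-3", "8.4.3", {}),
    ]
    for host, ver, flags in inventory:
        print(host, ver, affected_cves(ver, **flags) or "no listed condition met")
```

The ranges are compared as integer tuples rather than strings so that `8.0.5.39` sorts after `8.0.5.4`, and both the dotted and the `9.2(1)` notations seen on this page parse to the same tuple.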

Related Community Discussions

CSCup22532 - Multiple Vulnerabilities in OpenSSL - June 2014
How can I get the version 9.1.5.9 (posted on 7/7/2014) for the ASA 5580-40? There is only the version 9.1.5 from 3/31/2014 to download.
Latest activity: Dec 01, 2014