Cisco Bug: CSCup22532 - Multiple Vulnerabilities in OpenSSL - June 2014
Jun 10, 2020
- Cisco ASA 5500-X Series Firewalls
- Cisco ASA 5580 Adaptive Security Appliance
Known Affected Releases
8.0 8.2 8.3 8.4 9.0 9.1 9.2(1)
Symptom: The following Cisco products Cisco Adaptive Security Appliance (ASA) Software v8.0 and later, including: 8.0.2 - 22.214.171.124, 8.1.1 - 126.96.36.199, 8.2.1 - 188.8.131.52, 8.3.1 - 184.108.40.206, 8.4.1 - 220.127.116.11, 8.5.1 - 18.104.22.168, 8.6.1 - 22.214.171.124, 8.7.1 - 126.96.36.199, 9.0.1 - 188.8.131.52, 9.1.1 - 184.108.40.206, and 9.2.1 include a version of openssl that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2014-0195 - DTLS invalid fragment vulnerability CVE-2014-0224 - SSL/TLS MITM vulnerability This bug has been opened to address the potential impact on this product. Cisco has analyzed the following vulnerabilities and concluded that the previously listed products are not impacted: CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference CVE-2014-0221 - DTLS recursion flaw CVE-2014-3470 - Anonymous ECDH denial of service Conditions: The Cisco Adaptive Security Appliance (ASA) running software v9.2.1 is vulnerable to CVE-2014-0195 - DTLS invalid fragment vulnerability when SSLVPN is enabled and configured to use DTLS. Previous ASA software releases are NOT affected by this vulnerability. The Cisco Adaptive Security Appliance (ASA) running software v8.0 and later is vulnerable to CVE-2014-0224 - SSL/TLS MITM vulnerability when using the following configurations: * When SSLVPN is enabled and configured to allow clientless VPN tunnels, OR * When TLS-proxy is configured (either stand-alone or in conjunction with the phone proxy feature), OR * When the ASA is configured to join an Active Directory domain using the 'kcd-server' command. When the ASA is acting as a server (or listener) it is not vulnerable. However, since there are no tools available for testing when we are a client, we have to assume that we could be vulnerable. The ASA must be acting as a client, connecting to a server with the SSL vulnerability and the MITM attacker must be on the network between the ASA and the server. Note that "WebVPN" and "SSLVPN" are synonymous.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases