Cisco Bug: CSCup22563 - Vulnerabilities in OpenSSL: LDAP over SSL

Last Modified

Sep 12, 2019

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

5.2(8d) 6.2(7) 6.2(8)

Description (partial)

The following Cisco products

Cisco Nexus 7000 series switches
Cisco MDS 9000 series switches

running software versions:
7.1(0), 6.2(8), 6.2(7), 5.2(8d) 

are affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service

This bug has been opened to address the potential impact on this product. The above list of versions is not exhaustive.

Devices using LDAP in SSL mode, for example those configured with the following command, may be vulnerable:

ldap-server host {ipv4-address | ipv6-address | host-name} [enable-ssl]

All versions prior to the first fixed version of a train are affected by one or more of the above CVEs.
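
The condition described above (a release named on this page plus an ldap-server host line carrying enable-ssl) can be checked against saved configurations. The following is an added example, not Cisco code; the sample configuration, addresses, function names and result labels are constructed for illustration, and the release string is assumed to be supplied by the caller.

```python
import re

# Releases this bug page names as affected; the page says the list is not exhaustive.
LISTED_AFFECTED = {"5.2(8d)", "6.2(7)", "6.2(8)", "7.1(0)"}

# ldap-server host {ipv4-address | ipv6-address | host-name} [enable-ssl]
LDAP_HOST_RE = re.compile(r"^\s*ldap-server\s+host\s+(\S+)(.*)$")

# Constructed sample configuration (documentation addresses, not from a real device).
SAMPLE = """\
hostname n7k-lab
ldap-server host 192.0.2.10 enable-ssl
ldap-server host 2001:db8::5
ldap-server host ldap.example.net enable-ssl
"""


def ldap_ssl_hosts(config_text):
    """Return the LDAP server hosts configured with the enable-ssl keyword."""
    hosts = []
    for line in config_text.splitlines():
        m = LDAP_HOST_RE.match(line)
        # Compare whole tokens so a host name containing "enable-ssl" cannot match.
        if m and "enable-ssl" in m.group(2).split():
            hosts.append(m.group(1))
    return hosts


def triage(version, config_text):
    """Classify one device from its release string and its configuration text."""
    hosts = ldap_ssl_hosts(config_text)
    if not hosts:
        # Outside the LDAP-over-SSL condition tracked by this bug.
        return ("no-ldap-ssl", hosts)
    if version in LISTED_AFFECTED:
        return ("listed-affected", hosts)
    # Not listed does not mean fixed: compare with the train's first fixed release.
    return ("check-fixed-release", hosts)


if __name__ == "__main__":
    for release in ("6.2(8)", "6.2(2)"):
        print(release, triage(release, SAMPLE))
```
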