Guest

Preview Tool

Cisco Bug: CSCup22590 - Multiple Vulnerabilities in IOS/IOSd OpenSSL - June 2014

Last Modified

Aug 08, 2020

Products (126)

  • Cisco IOS
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco Catalyst 2960S-24PD-L Switch
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco Catalyst 2960X-24PS-L Switch
  • Cisco ASR 901-6CZ-F-D Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0(2)EX 15.1(4)M5.9 15.4(1)S 15.4(1)T1 15.4(2)S

Description (partial)

Symptom:
Some Cisco Internetwork Operating System (IOS) releases may be affected by the following vulnerabilities:

These products include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Conditions:
Devices running an affected version of Cisco IOS and utilizing an affected configuration.

One of more of these vulnerabilities affect all versions of IOS prior to the versions listed in the Integrated In field of this defect.

Related Community Discussions

7.6MR3 Beta Availability
7.6.122.x Available - 7.6MR3 Beta       Aug  26h 7.6MR3 (7.6.130.0) is now posted in CCO.  Beta for this release is over, thanks!   Support For any new issue during this test, please write to wnbu-mrbeta@external.cisco.com, pre-existing problems would be directed through normal TAC support channels, the image is TAC supported until CCO release of final code   Image types AS_5500* can be used for Wism2/2500/5500 controller types AS_7500* can be used for 7500/8500 AS_CTVM can be used for vWLC   Issues ...
Latest activity: Aug 25, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.