Preview Tool

Cisco Bug: CSCup22652 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Jul 21, 2016

Products (11)

  • Cisco IPS 4200 Series Sensors
  • Cisco ASA 5555-X IPS Security Services Processor
  • Cisco IPS 4345 Sensor
  • Cisco ASA 5525-X IPS Security Services Processor
  • Cisco ASA 5545-X IPS Security Services Processor
  • Cisco IPS 4520 Sensor
  • Cisco IPS 4510 Sensor
  • Cisco ASA 5515-X IPS Security Services Processor
  • Cisco IPS 4360 Sensor
  • Cisco ASA 5585-X IPS Security Services Processor
View all products in Bug Search Tool Login Required

Known Affected Releases

6.2(1)E1 7.0(4) 7.0(7)E4 7.0(8)E4 7.1(8)E4 7.1(9)S 7.2(1)E4 7.2(3)V 7.3(1)C

Description (partial)

The Cisco IPS products running software versions
7.3(x), 7.2(x), 7.1(x)

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the 
                                FLUSH+RELOAD Cache Side-channel Attack"

  (i) IPS 4520-XL: This platform is only applicable to IPS Release 7.3(x)
  (ii) Following 7 platforms are applicable only to IPS release 7.1(x): 
	  - IPS 4240

	  - IPS 4255

	  - IPS 4260

	  - IPS 4270-20

	  - ASA 5500 AIP SSM-10

	  - ASA 5500 AIP SSM-20

	  - ASA 5500 AIP SSM-40 
   (iii) Following are the platforms applicable to both 7.2(x) and 7.3(x) IPS releases:
	  - IPS 4345

	  - IPS 4345-DC

	  - IPS 4360

	  - IPS 4510

	  - IPS 4520

	  - ASA 5512-X IPS SSP

	  - ASA 5515-X IPS SSP

	  - ASA 5525-X IPS SSP

	  - ASA 5545-X IPS SSP

	  - ASA 5555-X IPS SSP

	  - ASA 5585-X IPS SSP-10

	  - ASA 5585-X IPS SSP-20

	  - ASA 5585-X IPS SSP-40

	  - ASA 5585-X IPS SSP-60

	 - IPS-4520-XL

Devices that are enabled with Global correlation are affected.
Devices enabled with signature auto-update and any module that interacts with the webserver are also affected.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.