Cisco Bug: CSCup22652 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Jul 21, 2016

Products (11)

  • Cisco IPS 4200 Series Sensors
  • Cisco ASA 5555-X IPS Security Services Processor
  • Cisco IPS 4345 Sensor
  • Cisco ASA 5525-X IPS Security Services Processor
  • Cisco ASA 5545-X IPS Security Services Processor
  • Cisco IPS 4520 Sensor
  • Cisco IPS 4510 Sensor
  • Cisco ASA 5515-X IPS Security Services Processor
  • Cisco IPS 4360 Sensor
  • Cisco ASA 5585-X IPS Security Services Processor

Known Affected Releases

6.2(1)E1 7.0(4) 7.0(7)E4 7.0(8)E4 7.1(8)E4 7.1(9)S 7.2(1)E4 7.2(3)V 7.3(1)C

Description (partial)

Symptom:
The Cisco IPS products running software versions 7.3(x), 7.2(x), and 7.1(x) include a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

  • CVE-2014-0224 - SSL/TLS MITM vulnerability
  • CVE-2014-3470 - Anonymous ECDH denial of service
  • CVE-2014-0221 - DTLS recursion flaw
  • CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"


  
  (i) IPS 4520-XL: This platform is applicable only to IPS release 7.3(x).

  (ii) The following 7 platforms are applicable only to IPS release 7.1(x):
	  - IPS 4240
	  - IPS 4255
	  - IPS 4260
	  - IPS 4270-20
	  - ASA 5500 AIP SSM-10
	  - ASA 5500 AIP SSM-20
	  - ASA 5500 AIP SSM-40

  (iii) The following platforms are applicable to both the 7.2(x) and 7.3(x) IPS releases:
	  - IPS 4345
	  - IPS 4345-DC
	  - IPS 4360
	  - IPS 4510
	  - IPS 4520
	  - ASA 5512-X IPS SSP
	  - ASA 5515-X IPS SSP
	  - ASA 5525-X IPS SSP
	  - ASA 5545-X IPS SSP
	  - ASA 5555-X IPS SSP
	  - ASA 5585-X IPS SSP-10
	  - ASA 5585-X IPS SSP-20
	  - ASA 5585-X IPS SSP-40
	  - ASA 5585-X IPS SSP-60
	  - IPS-4520-XL

Conditions:
Devices that have Global Correlation enabled are affected.
Devices enabled with signature auto-update and any module that interacts with the web server are also affected.