Guest

Preview Tool

Cisco Bug: CSCup28017 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 21, 2018

Products (1)

  • Cisco CSS 11000 Series Content Services Switches

Known Affected Releases

8.20(6.1)

Description (partial)

Symptom:
The following Cisco products:

  Cisco CSS 11500 Series Content Services Switch with SSL Module

Include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Conditions:
Cisco CSS 11500 that has been configured for backend SSL initiation so the CSS 11500 SSL Module is acting as the client. In this configuration the CSS11500 SSL Module may result in the vulnerability being exploitable by an attacker.

Related Community Discussions

LB 関連: 2014 年に公開された脆弱性のまとめ
SCENARIO 1: this is how DTMF will be sent out SCENARIO 2 SCENARIO 3: SCENARIO 4:     | はじめに  このページでは、2014 年に公開された脆弱性のうち、Cisco 負荷分散装置(ACE10/20/30, ACE4710, CSS) に 関連するものについて紹介します。 1. Security Advisory に関するおさらい 2. CSS, ACE10/20, ACE4710 A3(x) について 3. ACE architecture のおさらい 4. 2014 年に公開された脆弱性一覧   1. Security Advisory に関するおさらい  Cisco では、 セキュリティ脆弱性ポリシーに基づき、重要なセキュリティ問題と考えられるものをセキュリティ アドバイザリ として公開しています。 英語版 http://www.cisco.com/go/psirt 日本語版 http://www.cisco.com/cisco/web/support/JP/loc/security/index.html ...
Latest activity: Aug 30, 2017
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.