Cisco Bug: CSCur23709 - ASA : evaluation of SSLv3 POODLE vulnerability
May 14, 2018
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.2(1) 8.3(1) 8.4(1) 8.5(1) 8.6(1) 8.7(1) 9.0 9.0(1) 9.1(1) 9.2(1) 9.4(1) 99.1
Symptom:
The Cisco ASA (Adaptive Security Appliance) includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerabilities and Exposures (CVE) ID CVE-2014-3566.

Conditions:
The default SSL configuration on all ASA software trains enables SSLv3. Due to bug CSCug51375, the ASA is unable to disable SSLv3 on most ASA versions.

To see the SSL configuration:

  show run all ssl

Default configuration of the ASA:

  ssl client-version any
  ssl server-version any

The following non-default configuration values also enable SSLv3:

  ssl client-version sslv3-only
  ssl client-version sslv3
  ssl server-version sslv3-only
  ssl server-version sslv3

Some of the previously listed options are not available on older ASA software releases.
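The check described above can be scripted over saved `show run all ssl` output. The following is an added example, not Cisco's code: it flags each directive whose value is one the conditions list as enabling SSLv3. Assumptions: a directive missing from the output is treated as the default `any`, the sample configurations are constructed, and `tlsv1-only` stands in for a value that does not enable SSLv3. Because of CSCug51375, an empty result describes the configuration only and does not confirm that SSLv3 is actually disabled on the device.

```python
import re

# Values the advisory lists as enabling SSLv3; "any" is the ASA default.
SSLV3_VALUES = {"any", "sslv3", "sslv3-only"}
DIRECTIVES = ("client-version", "server-version")
LINE_RE = re.compile(r"^\s*ssl\s+(client-version|server-version)\s+(\S+)", re.I)

# Constructed samples of "show run all ssl" output (not captured from a device).
DEFAULT_CFG = "ssl server-version any\nssl client-version any\n"
MIXED_CFG = "ssl server-version tlsv1-only\nssl client-version sslv3\n"
# Assumption: "tlsv1-only" is used here as a value that does not enable SSLv3.
TLS_ONLY_CFG = "ssl server-version tlsv1-only\nssl client-version tlsv1-only\n"


def audit_ssl_config(show_run_output):
    """Map each directive to (value, enables_sslv3, source)."""
    found = {}
    for line in show_run_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2).lower()
    report = {}
    for directive in DIRECTIVES:
        # Assumption: a directive missing from the output is at its default, "any".
        value = found.get(directive, "any")
        source = "configured" if directive in found else "default"
        report[directive] = (value, value in SSLV3_VALUES, source)
    return report


def sslv3_enabled_directives(show_run_output):
    """Return the sorted directives whose value enables SSLv3."""
    report = audit_ssl_config(show_run_output)
    return sorted(d for d, (_, enabled, _) in report.items() if enabled)


if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("mixed", MIXED_CFG),
                      ("tls-only", TLS_ONLY_CFG)]:
        print(name, sslv3_enabled_directives(cfg) or "no SSLv3-enabling value")
```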