Guest

Preview Tool

Cisco Bug: CSCur27985 - ACE10/ACE20/4710 (A3x) evaluation of SSLv3 POODLE vulnerability

Last Modified

Sep 11, 2019

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases

3.0(0)A2(3.6d)

Description (partial)

Symptom:
This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.

Conditions:
1. The ACE is configured with a SSL hardware card along with a configured with includes SSL Initiation, SSL Termination and/or SSL End-to-End.

2. The ACE10/ACE20 do not use SSLv3 for management and local connections to the box.

3. The ACE 4710 (ace-appliance) running A3.x software does use Device Manager (DM) via SSL and it remains to be determined if there is a vulnerability in this case.

Related Community Discussions

LB 関連: 2014 年に公開された脆弱性のまとめ
    はじめに  このページでは、2014 年に公開された脆弱性のうち、Cisco 負荷分散装置(ACE10/20/30, ACE4710, CSS) に 関連するものについて紹介します。 1. Security Advisory に関するおさらい 2. CSS, ACE10/20, ACE4710 A3(x) について 3. ACE architecture のおさらい 4. 2014 年に公開された脆弱性一覧   1. Security Advisory に関するおさらい  Cisco では、 セキュリティ脆弱性ポリシーに基づき、重要なセキュリティ問題と考えられるものをセキュリティ アドバイザリ として公開しています。 英語版 http://www.cisco.com/go/psirt 日本語版 http://www.cisco.com/cisco/web/support/JP/loc/security/index.html   この情報は下記のような複数の方法で受信することができます。 Cisco.com http://www.cisco.com/security/ E-mail ...
Latest activity: Aug 30, 2017
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.