Guest

Preview Tool

Cisco Bug: CSCur28178 - Nexus3000/3500: evaluation of SSLv3 POODLE vulnerability

Last Modified

Mar 23, 2018

Products (7)

  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 3064 Switch
  • Cisco Nexus 3016 Switch
  • Cisco Nexus 3064-T Switch
  • Cisco Nexus 3048 Switch
  • Cisco Nexus 3132Q Switch
  • Cisco Nexus 3172 Switch

Known Affected Releases

6.0(2)U4(1)

Description (partial)



Symptom:

This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.



Conditions:


Web based HTTPS interface is provided in Nexus 3000 only when "feature nxapi" is enabled.
This feature support came in from 6.0(2)U4(1) onwards, and is disabled by default.
When this feature is not enabled, Nexus 3000 is not vulerable.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.