Cisco Bug: CSCur30094 - Nexus 5000 : evaluation of SSLv3 POODLE vulnerability

Last Modified

Jun 30, 2017

Products (10)

  • Cisco Nexus 5000 Series Switches
  • Cisco Nexus 5548P Switch
  • Cisco Nexus 5596UP Switch
  • Cisco Nexus 6004 Switch
  • Cisco Nexus 5672UP Switch
  • Cisco Nexus 6001 Switch
  • Cisco Nexus 5548UP Switch
  • Cisco Nexus 56128P Switch
  • Cisco Nexus 5696Q Switch
  • Cisco Nexus 5596T Switch

Known Affected Releases

6.0(2)N3(0.91) 7.0(4)N1(1) 7.1(0)ZN(91.34) 7.2(0)N1(0.76) 7.2(0)N1(0.82) 7.2(0)N1(0.85) 7.2(0)N1(0.88) 7.2(0)VX(0.9) 7.2(0.1)PR(0.1) 7.9(0)ZD(0.4)

Description (partial)

Symptom:
This product includes a version of SSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3510

CVE-2014-3566 (POODLE)

This bug has been opened to address the potential impact on this product.

Conditions:
The POODLE security issue (CVE-2014-3566) exists if LDAP with the enable-ssl option is configured as part of the DFA configuration, for example:

fabric database type network
  server protocol ldap ip 10.95.126.166 vrf management enable-ssl

Or

onep is configured with the "transport type tls ..." option:
onep
  transport type tls [...]

Or

vmtracker is configured:
feature vmtracker
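
To check a saved running configuration for the three conditions listed above, the following added example (not Cisco code) scans the config text block by block. The function name, condition labels and sample configuration are assumptions constructed for illustration; a match means the feature is configured, not that the running release is affected.

```python
import re

# Constructed sample running-config (documentation addresses, not from the bug report).
SAMPLE_CONFIG = """\
feature vmtracker
fabric database type network
  server protocol ldap ip 192.0.2.10 vrf management
  server protocol ldap ip 192.0.2.11 vrf management enable-ssl
onep
  transport type tls
interface mgmt0
  vrf member management
"""

def find_poodle_conditions(config_text):
    """Return (line_no, condition, line) for each line matching a condition in this bug."""
    findings = []
    block = None  # top-level block we are inside: "dfa", "onep" or None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue  # skip blank lines and comments
        if not line[0].isspace():
            # An unindented command starts a new top-level block.
            if re.match(r"fabric database type network\b", stripped):
                block = "dfa"
            elif re.match(r"onep\b", stripped):
                block = "onep"
            else:
                block = None
            # "no feature vmtracker" does not match because it starts with "no".
            if re.match(r"feature vmtracker\b", stripped):
                findings.append((no, "vmtracker", stripped))
            continue
        tokens = stripped.split()
        # LDAP under DFA matters only when the enable-ssl keyword is present.
        if block == "dfa" and tokens[:3] == ["server", "protocol", "ldap"] \
                and "enable-ssl" in tokens:
            findings.append((no, "dfa-ldap-ssl", stripped))
        elif block == "onep" and tokens[:3] == ["transport", "type", "tls"]:
            findings.append((no, "onep-tls", stripped))
    return findings

if __name__ == "__main__":
    for no, condition, text in find_poodle_conditions(SAMPLE_CONFIG):
        print(f"line {no}: {condition}: {text}")
```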