Guest

Preview Tool

Cisco Bug: CSCur31350 - Multiple Vulnerabilities in OpenSSL - August 2014

Last Modified

Sep 11, 2019

Products (1)

  • Cisco Nexus 5000 Series Switches

Known Affected Releases

6.0(2)N3(0.91) 7.2(0)VX(0.9) 7.2(0.1)PR(0.1) 9.4(1)N1(6.8)

Description (partial)

Symptom:
This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3510

CVE-2014-3566 (POODLE)

This bug has been opened to address the potential impact on this product.

Conditions:
The POODLE Security issue CVE-2014-3566 exists if we configure LDAP as part of DFA configuration

Something like this

fabric database type network
  server protocol ldap ip 10.95.126.166 vrf management

Or

Onep is configured with "transport type tls ..." option

Or

vmtracker configuration
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.