Guest

Preview Tool

Cisco Bug: CSCus42709 - JANUARY 2015 OpenSSL Vulnerabilities

Last Modified

May 14, 2018

Products (1)

  • Cisco ACE 4700 Series Application Control Engine Appliances

Known Affected Releases

3.0(0)A5(3.1)

Description (partial)

Symptom:
This product includes a version of OpenSSL that is affected by the
vulnerability identified by the Common Vulnerability and Exposures (CVE)
IDs:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,
CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

This bug has been opened to address the potential impact on this product.

Conditions:
Cisco ACE Application Control Engine Module (ACE30 only) and
 Cisco ACE Application Control Engine Appliance (ACE4710)
 
 Products act as: SSL/TLS Client, SSL/TLS Server
 
 VulnerabilityACE30/4710 product analysis            Conclusion
 ----------------------------------------------------------------------------------------
 CVE-2014-3571ACE does not use DTLS                      ACE not affected
 CVE-2015-0206ACE does not use DTLS/openssl 1.0.x        ACE not affected
 CVE-2014-3569vulnerability exists                       AFFECTED
 CVE-2014-3572ACE does not use ECDHE                     ACE not affected
 CVE-2015-0204vulnerability exists                       AFFECTED
 CVE-2015-0205 ACE does not use openssl 1.0.x            ACE not affected 
 CVE-2014-8275vulnerability exists                       AFFECTED
 CVE-2014-3570   vulnerability exists                    AFFECTED
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.