Cisco Bug: CSCus42709 - JANUARY 2015 OpenSSL Vulnerabilities

Last Modified

Jun 29, 2018

Products (1)

Cisco ACE 4700 Series Application Control Engine Appliances

Known Affected Releases

3.0(0)A5(3.1)

Description (partial)

Symptom:
This product includes a version of OpenSSL that is affected by the
vulnerability identified by the Common Vulnerability and Exposures (CVE)
IDs:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,
CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

This bug has been opened to address the potential impact on this product.

Conditions:
Cisco ACE Application Control Engine Module (ACE30 only) and
 Cisco ACE Application Control Engine Appliance (ACE4710)
 
 Products act as: SSL/TLS Client, SSL/TLS Server
 
 VulnerabilityACE30/4710 product analysis            Conclusion
 ----------------------------------------------------------------------------------------
 CVE-2014-3571ACE does not use DTLS                      ACE not affected
 CVE-2015-0206ACE does not use DTLS/openssl 1.0.x        ACE not affected
 CVE-2014-3569vulnerability exists                       AFFECTED
 CVE-2014-3572ACE does not use ECDHE                     ACE not affected
 CVE-2015-0204vulnerability exists                       AFFECTED
 CVE-2015-0205 ACE does not use openssl 1.0.x            ACE not affected 
 CVE-2014-8275vulnerability exists                       AFFECTED
 CVE-2014-3570   vulnerability exists                    AFFECTED

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts