Cisco Bug: CSCus44454 - JANUARY 2015 OpenSSL Vulnerabilities SMA

Last Modified

Jan 30, 2017

Products (1)

  • Cisco Content Security Management Appliance

Known Affected Releases

8.0.0-000 8.3.6-041 9.0.0-000 9.1.0-004 9.1.0-005 9.5.0-000 9.6.0-051

Description (partial)

Symptom:
This product has been investigated to determine the applicability of the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

Cisco has analyzed these vulnerabilities and concluded that the product contains a version of OpenSSL that is affected by the following CVEs:

CVE-2015-0204 and CVE-2014-3570.



Conditions:
With the default configuration, the HTTP server on ESAs managed by the SMA has EXPORT ciphers enabled. This can result in CVE-2015-0204 only if the ESA is under an adversary's control.

The SMA is affected by CVE-2014-3570, which affects the SMA UI. However, no known exploits of this are available (probability 1/2^128).