Cisco Bug: CSCus44454 - JANUARY 2015 OpenSSL Vulnerabilities SMA
Jan 30, 2017
- Cisco Content Security Management Appliance
Known Affected Releases
8.0.0-000 8.3.6-041 9.0.0-000 9.1.0-004 9.1.0-005 9.5.0-000 9.6.0-051
Symptom: This product has been investigated to determine the applicability of the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206. Cisco has analyzed these vulnerabilities and concluded that the product contains a version of OpenSSL that is affected by the following CVEs: CVE-2015-0204 and CVE-2014-3570.

Conditions: With the default configuration, the HTTP server on ESAs managed by the SMA has EXPORT ciphers enabled. This can result in CVE-2015-0204 only if the ESA is under adversaries' control. The SMA is affected by CVE-2014-3570. This affects the SMA UI. However, no known exploits of this are available (probability 1/2^128).