Cisco Bug: CSCus94884 - AIM-SSL is vulnerable to Poodle-TLS CVE-2014-8730

Last Modified

Jan 27, 2017

Products (1)

  • Cisco IOS

Known Affected Releases

15.1(2.0)

Description (partial)

Symptoms:
Cisco IOS running on Cisco 1800/2800/3800 Series Routers with an AIM-VPN/SSL-2 card includes a version of TLS that is affected by the
vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-8730

This vulnerability is hardware dependent.

Note: Cisco 1800/2800/3800 Series Routers and AIM-VPN/SSL-2 card are End of Life products.

Conditions:

Cisco IOS running on 1800/2800/3800 Series Routers is affected if both of the following conditions are met:
1- The device is configured with the AnyConnect or Clientless SSL VPN feature
2- The Cisco AIM-VPN/SSL-2 card is used as the hardware crypto accelerator

To verify whether SSL VPN is configured, use the ''show webvpn gateway brief'' command and verify that the gateway is up. The following example shows a
system with an SSL VPN gateway called TEST:

router#show webvpn gateway brief 

Gateway Name                       Admin  Operation
------------                       -----  ---------
TEST                               up     up  


To verify whether the AIM-VPN/SSL-2 crypto engine is enabled, use the ''show crypto eli s'' command and verify that the AIM-VPN/SSL-2 section is
present.
The following example shows a system configured for onboard.

router#show crypto eli s
AIM-VPN/SSL-2                       Count       msec
Create DH                               4       24.0
Modular Exponentiation                 97        3.8
Create signature                        3       18.6
Verify signature                        2       12.0
Decrypt with private key                2        8.0
SSL Create                              2        4.0
SSL Delete                              1        0.0

[...]
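The two-step check above (an SSL VPN gateway that is up, plus the AIM-VPN/SSL-2 engine listed by ''show crypto eli s'') can be applied to captured CLI output from many routers at once. The following script is an added example and is not Cisco's code; the sample outputs are constructed here, modelled on the excerpts in this bug, and the function names are this example's own. It treats a gateway as active only when both its Admin and Operation columns read ''up'', so a gateway that is administratively up but operationally down does not count.

```python
# Constructed sample: 'show webvpn gateway brief' with one gateway fully up
WEBVPN_BRIEF_UP = """\
router#show webvpn gateway brief

Gateway Name                       Admin  Operation
------------                       -----  ---------
TEST                               up     up
"""

# Constructed sample: gateway is admin up but operationally down (should not match)
WEBVPN_BRIEF_DOWN = """\
router#show webvpn gateway brief

Gateway Name                       Admin  Operation
------------                       -----  ---------
TEST                               up     down
"""

# Constructed sample: 'show crypto eli s' output that lists the AIM-VPN/SSL-2 engine
CRYPTO_ELI_AIM = """\
router#show crypto eli s
AIM-VPN/SSL-2                       Count       msec
Create DH                               4       24.0
Modular Exponentiation                 97        3.8
SSL Create                              2        4.0
SSL Delete                              1        0.0
"""

# Constructed sample: no AIM-VPN/SSL-2 section (software/onboard engine only; label is hypothetical)
CRYPTO_ELI_NO_AIM = """\
router#show crypto eli s
Software crypto engine              Count       msec
Create DH                               4       30.1
"""


def active_webvpn_gateways(output):
    """Return the names of SSL VPN gateways whose Admin and Operation states are both 'up'.

    The table body starts after the dashed separator line; everything before it
    (the prompt echo and the column header) is ignored.
    """
    gateways = []
    in_table = False
    for line in output.splitlines():
        if line.startswith("----"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        parts = line.split()
        # Last two columns are Admin and Operation; the first is the gateway name.
        if len(parts) >= 3 and parts[-2].lower() == "up" and parts[-1].lower() == "up":
            gateways.append(parts[0])
    return gateways


def aim_ssl_engine_present(output):
    """True if 'show crypto eli s' output contains a section headed AIM-VPN/SSL-2."""
    return any(line.strip().startswith("AIM-VPN/SSL-2") for line in output.splitlines())


def matches_bug_conditions(webvpn_output, eli_output):
    """Both conditions from the bug must hold: an active SSL VPN gateway and the AIM-VPN/SSL-2 engine."""
    return bool(active_webvpn_gateways(webvpn_output)) and aim_ssl_engine_present(eli_output)


if __name__ == "__main__":
    for label, webvpn, eli in (
        ("gateway up + AIM engine", WEBVPN_BRIEF_UP, CRYPTO_ELI_AIM),
        ("gateway down + AIM engine", WEBVPN_BRIEF_DOWN, CRYPTO_ELI_AIM),
        ("gateway up + no AIM engine", WEBVPN_BRIEF_UP, CRYPTO_ELI_NO_AIM),
    ):
        print(f"{label}: matches bug conditions = {matches_bug_conditions(webvpn, eli)}")
```

Feed each router's two command outputs to matches_bug_conditions; only devices where it returns True meet both conditions listed under Conditions and warrant further review against the affected release.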

For additional information about other affected Cisco IOS products, refer to Cisco bug id:  CSCus17354