Preview Tool

Cisco Bug: CSCut46035 - MARCH 2015 OpenSSL Vulnerabilities

Last Modified

Jan 29, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases


Description (partial)

The following Cisco products

ASA-CX 5512
ASA-CX 5515
ASA-CX 5525
ASA-CX 5545
ASA-CX 5555
ASA-CX 5585-10
ASA-CX 5585-20
ASA-CX 5585-40
ASA-CX 5585-60

All ASA-CX versions released through 2015-03-19 are affected.
Include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
CVE-2015-0292 - Base64 decode
CVE-2015-0289 - PKCS7 NULL pointer dereferences
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error

This bug has been opened to address the potential impact on this product.

Devices with any configuration including the default configuration.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.