Guest

Preview Tool

Cisco Bug: CSCzv27671 - ESA - Transport Layer Security Renegotiation Vulnerability

Last Modified

Dec 11, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.0-444 8.0.0-000

Description (partial)

Symptom:

An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of
TLS  and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Conditions:
See PSIRT Security Advisory.

Workaround
See PSIRT Security Advisory.

Further Problem Description:
See PSIRT Security Advisory.

PSIRT Evaluation:
Cisco has released free software updates that address this vulnerability.
Additional information on Cisco's security vulnerability policy can be found at the following URL

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html


Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.