what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20150310-ssl

Cisco Security Advisory 20150310-ssl
Posted Mar 11, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | 3cc951b2e2fd3d06bb97f2457a80dc5c5cd1ee96a540304ec8ab84ce7843cb09

Cisco Security Advisory 20150310-ssl

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Product

Advisory ID: cisco-sa-20150310-ssl

Revision: 1.0

For Public Release 2015 March 10 16:00 UTC (GMT)

+--------------------------------------------------------------------

Summary
=======

Multiple Cisco products incorporate a version of the OpenSSL package
affected by one or more vulnerabilities that could allow an
unauthenticated, remote attacker to create a denial of service (DoS)
condition, or perform a man-in-the-middle attack.

On January 8, 2015, the OpenSSL Project released a security advisory
detailing eight distinct vulnerabilities. The vulnerabilities are
referenced in this document as follows:

CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service
Vulnerability
CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message
Processing Denial of Service Vulnerability
CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference
Vulnerability
CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade
Vulnerability
CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade
Vulnerability
CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation
Authentication Bypass Vulnerability
CVE-2014-8275: OpenSSL Certificate Fingerprint Validation
Vulnerability
CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical
Results Issue

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities may be available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVP8MJIpI1I6i1Mx3AQLxhA/8DUVbGTvot9vBiI1FpTIp/ZfvAJYKxwAM
taBIzm8sUUA2EP6gewoWmqqrZnzjR4uxXFL1tEHSX08Grw27Rd+Kq8o1LCdmcrRK
le79SejHXVeHrCplGyy6AlnWMizzmFnhHS4QxRKfsuMftTRVCYpvnOR8qYWBUmP4
HuQfc5vYSEcyOFP9Hp6VNOLQqdjxLmXfKmb5L3PiSoZsIFVsrcIcB4OrxiGxvNw/
YCbyb2ty1IrE4y9nLfWacUFQCjHywrl3bQUoNxGPVL1X+piDUUX0Tylar0gIqRS7
pLU+RFxwUMIxlFv37kmoYYg4wjU4Wpsz5gNRwlx0zaldSoerBkY2nUf7EgsFPive
n6PT/8d/e06GTvuD2JQpNNF0NdpRF4y1DERrIpGZ/RDGJco1xHvL/Kbl2xpux5ZP
leteRH4NZXokbjVg8bf2pmN30w7HpD/Qm0X0uLCVSlvWF29g4UsHrdUSl4tgX/V1
d2fCwxEol78BhiCIteKd6y+7vwxNSE6RdYOECwd9jrZGooj3cTP7+MzhquJwuEIf
eskizp4SUyBibCZ+lvHo42WbFH6DEtWkyx6nGzGFP4iCE5BwOIIHwc2rVcWC3VBx
d00FYN/lZPnpLIaV7mo9dSGfVtK9nZlMcsI44WdeAT5fn3A0yqM8IvqgkYy0Cn1h
VYd/dz2A7Qg=
=k6Eo
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close