Lucene search

K
ciscoCiscoCISCO-SA-20160504-OPENSSL
HistoryMay 04, 2016 - 7:30 p.m.

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

2016-05-0419:30:00
tools.cisco.com
56

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.969

Percentile

99.7%

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl”]

Affected configurations

Vulners
Node
ciscoapplication_and_content_networking_system_softwareMatchany
OR
ciscounityMatchany
OR
ciscoiosMatchany
OR
ciscoprime_access_registrarMatchany
OR
ciscoemergency_responderMatchany
OR
ciscounified_contact_center_hostedMatchany
OR
ciscoios_xr_softwareMatchany
OR
ciscocisco_ons_15454_system_softwareMatchany
OR
ciscounity_expressMatchany
OR
ciscointrusion_prevention_systemMatchany
OR
ciscoadaptive_security_appliance_softwareMatchany
OR
ciscowireless_control_system_softwareMatchany
OR
ciscoace_application_control_engine_module_a3Matchany
OR
ciscowide_area_application_servicesMatchany
OR
ciscowireless_lan_controllerMatchany
OR
ciscounified_contact_center_enterpriseMatchany
OR
ciscoip_interoperability_and_collaboration_systemMatchany
OR
ciscounity_connectionMatchany
OR
ciscotelepresence_mx200Matchany
OR
ciscosecurity_managerMatchany
OR
ciscoace_4700_series_application_control_engine_applianceMatchany
OR
ciscophysical_access_gatewayMatchany
OR
ciscounified_contact_center_expressMatchany
OR
ciscovideo_surveillance_media_serverMatchany
OR
ciscodigital_media_managerMatchany
OR
ciscomeetingplaceMatchany
OR
cisconetwork_analysis_module_softwareMatchany
OR
ciscoironport_encryption_applianceMatchany
OR
ciscowebex_meeting_centerMatchany
OR
cisconetwork_admission_controlMatchany
OR
ciscoanyconnect_secure_mobility_clientMatchany
OR
ciscoshow_and_shareMatchany
OR
ciscomobility_services_engineMatchany
OR
ciscoidentity_services_engine_softwareMatchany
OR
ciscotelepresence_video_communication_serverMatchany
OR
ciscoironport_email_security_applianceMatchany
OR
ciscoasa_cx_context-aware_security_softwareMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoprime_data_center_network_managerMatchany
OR
ciscoata_187_analog_telephone_adaptorMatchany
OR
ciscoprime_lan_management_solutionMatchany
OR
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_applianceMatchany
OR
ciscoaironet_access_point_softwareMatchany
OR
ciscoprime_infrastructureMatchany
OR
ciscoconnected_grid_network_management_systemMatchany
OR
ciscojabber_imMatchanyandroid
OR
ciscowebex_meetings_serverMatchany
OR
ciscowebex_node_for_mcsMatchany
OR
ciscounified_computing_system_central_softwareMatchany
OR
ciscojabberMatchanywindows
OR
ciscoenterprise_content_delivery_systemMatchany
OR
ciscovirtualization_experience_media_engineMatchany
OR
ciscoasr_5000_series_softwareMatchany
OR
ciscofinesseMatchany
OR
ciscounified_ip_phone_8945Matchany
OR
ciscosocialminerMatchany
OR
ciscomediasenseMatchany
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscounified_sip_proxyMatchany
OR
ciscocisco_nexus_1000v_intercloudMatchanyvmware
OR
ciscoprime_network_registrarMatchany
OR
ciscotelepresence_isdn_gw_3241Matchany
OR
ciscodigital_content_managerMatchany
OR
ciscounified_intelligence_centerMatchany
OR
cisconexus_1000vMatchanynexus_1000v
OR
ciscoexpresswayMatchany
OR
ciscoprime_opticalMatchany
OR
ciscojabber_guestMatchany
OR
ciscocisco_visual_quality_experienceMatchany
OR
ciscounified_computing_system_softwareMatchany
OR
ciscotelepresence_serial_gatewayMatchany
OR
ciscoprime_license_managerMatchany
OR
ciscoprime_collaboration_deploymentMatchany
OR
ciscocisco_plug-in_for_openflowMatchany
OR
ciscomate_collectorMatchany
OR
ciscomate_collectorMatchany
OR
ciscomate_liveMatchany
OR
ciscoip_contact_center_expressMatchany
OR
ciscocisco_onepk_all-in-one_virtual_machineMatchany
OR
ciscoprime_network_services_controllerMatchany
OR
ciscotelepresence_isdn_gw_3241Matchany
OR
ciscotelepresence_conductorMatchany
OR
ciscounified_workforce_optimizationMatchany
OR
ciscovideo_surveillance_2500_series_ip_cameraMatchany
OR
ciscovideo_surveillance_2500_series_ip_cameraMatchany
OR
ciscovideo_surveillance_7000_ip_camera_firmwareMatchany
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscowebex_meetingsMatchanyandroid
OR
ciscowebex_meetingsMatchanywindows
OR
ciscofirepower_system_softwareMatchany
OR
ciscoip_phone_8800_seriesMatchany
OR
ciscoprime_collaboration_assuranceMatchany
OR
ciscoprime_collaboration_provisioningMatchany
OR
ciscojabber_software_development_kitMatchany
OR
ciscojabberMatchanymac
OR
ciscojabberMatchany
OR
ciscoapplication_infrastructure_controllerMatchany
OR
ciscopacket_tracerMatchany
OR
ciscoprime_networkMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoagent_desktopMatchany
OR
ciscodx_series_ip_phones_firmwareMatchany
OR
ciscopaging_serverMatchany
OR
ciscospa112_2-port_phone_adapter_firmwareMatchany
OR
ciscoataMatchany
OR
ciscoataMatchany
OR
ciscounified_ip_phones_9900_series_firmwareMatchany
OR
ciscounified_attendant_console_advancedMatchany
OR
ciscovideoscape_anyres_liveMatchany
OR
ciscovideoscape_distribution_suite_service_brokerMatchany
OR
ciscounified_ip_phone_7900_series_firmwareMatchany
OR
cisconexus_3000Matchany
OR
ciscocisco_policy_suiteMatchany
OR
ciscohosted_collaboration_mediation_fulfillmentMatchany
OR
ciscoregistered_envelope_serviceMatchany
OR
ciscoapplication_and_content_networking_system_softwareMatchany
OR
ciscounityMatchany
OR
ciscoiosMatchany
OR
ciscoprime_access_registrarMatchany
OR
ciscoemergency_responderMatchany
OR
ciscounified_contact_center_hostedMatchany
OR
ciscoios_xr_softwareMatchany
OR
ciscoonsMatch15454_system_software
OR
ciscounity_expressMatchany
OR
ciscointrusion_prevention_systemMatchany
OR
ciscoadaptive_security_appliance_softwareMatchany
OR
ciscowireless_control_system_softwareMatchany
OR
ciscoace_application_control_engine_module_a3Matchany
OR
ciscowide_area_application_servicesMatchany
OR
ciscowireless_lan_controllerMatchany
OR
ciscounified_contact_center_enterpriseMatchany
OR
ciscoip_interoperability_and_collaboration_systemMatchany
OR
ciscounity_connectionMatchany
OR
ciscotelepresence_mx200Matchany
OR
ciscosecurity_managerMatchany
OR
ciscoace_4710Match4700_series_application_control_engine_appliances
OR
ciscophysical_access_gatewayMatchany
OR
ciscounified_contact_center_expressMatchany
OR
ciscovideo_surveillance_media_serverMatchany
OR
ciscodigital_media_managerMatchany
OR
ciscomeetingplaceMatchany
OR
cisconetwork_analysis_module_softwareMatchany
OR
ciscoironport_encryption_applianceMatchany
OR
ciscowebex_meeting_centerMatchany
OR
cisconetwork_admission_controlMatchany
OR
ciscoanyconnect_secure_mobility_clientMatchany
OR
ciscoshow_and_shareMatchany
OR
ciscomobility_services_engineMatchany
OR
ciscoidentity_services_engine_softwareMatchany
OR
ciscotelepresence_video_communication_serverMatchany
OR
ciscoironport_email_security_applianceMatchany
OR
ciscoasa_cx_context-aware_security_softwareMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoprime_data_center_network_managerMatchany
OR
ciscoataMatch187_analog_telephone_adaptor
OR
ciscoprime_lan_management_solutionMatchany
OR
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_applianceMatchany
OR
ciscoaironet_access_point_softwareMatchany
OR
ciscoprime_infrastructureMatchany
OR
ciscoconnected_grid_network_management_systemMatchany
OR
ciscojabber_imMatchanyandroid
OR
ciscowebex_meetings_serverMatchany
OR
ciscowebex_node_for_mcsMatchany
OR
ciscounified_computing_system_central_softwareMatchany
OR
ciscojabberMatchanywindows
OR
ciscoenterprise_content_delivery_systemMatchany
OR
ciscovirtualization_experience_media_engineMatchany
OR
ciscoasr_9904Match5000_series_software
OR
ciscofinesseMatchany
OR
ciscounified_ip_phoneMatch8945
OR
ciscosocialminerMatchany
OR
ciscomediasenseMatchany
OR
ciscovideo_surveillance_managerMatch4000_series_ip_camera
OR
ciscounified_sip_proxyMatchany
OR
cisconexus_1000vMatch1000v_intercloud_for_vmwarenexus_1000v
OR
ciscoprime_network_registrarMatchany
OR
ciscotelepresence_isdn_gw_3241Match3241
OR
ciscodigital_content_managerMatchany
OR
ciscounified_intelligence_centerMatchany
OR
cisconexus_1000vMatch1000v_switchnexus_1000v
OR
ciscoexpresswayMatchany
OR
ciscoprime_opticalMatchany
OR
ciscojabber_guestMatchany
OR
ciscocisco_visual_quality_experienceMatchany
OR
ciscounified_computing_system_softwareMatchany
OR
ciscotelepresence_serial_gatewayMatchany
OR
ciscoprime_license_managerMatchany
OR
ciscoprime_collaboration_deploymentMatchany
OR
ciscocisco_plug-in_for_openflowMatchany
OR
ciscomate_collectorMatchany
OR
ciscomate_collectorMatchany
OR
ciscomate_liveMatchany
OR
ciscoip_contact_center_expressMatchany
OR
ciscocisco_onepk_all-in-one_virtual_machineMatchany
OR
ciscoprime_network_services_controllerMatchany
OR
ciscotelepresence_isdn_gw_3241Matchany
OR
ciscotelepresence_conductorMatchany
OR
ciscounified_workforce_optimizationMatchany
OR
ciscovideo_surveillance_managerMatch3000_series_ip_cameras
OR
ciscovideo_surveillance_managerMatch6000_series_ip_cameras
OR
ciscovideo_surveillance_managerMatch7000_series_ip_cameras
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscowebex_meetingsMatchanyandroid
OR
ciscowebex_meetingsMatch8windows
OR
ciscofirepower_system_softwareMatchany
OR
ciscoip_phone_7960Match8800_series_software
OR
ciscoprime_collaboration_assuranceMatchany
OR
ciscoprime_collaboration_provisioningMatchany
OR
ciscojabber_software_development_kitMatchany
OR
ciscojabberMatchanymac
OR
ciscojabberMatchany
OR
ciscoapplication_infrastructure_controllerMatchany
OR
ciscopacket_tracerMatchany
OR
ciscoprime_networkMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoagent_desktopMatchany
OR
ciscodx_series_ip_phones_firmwareMatchany
OR
ciscopaging_serverMatchany
OR
ciscocisco_spa112Match2-port_phone_adapter
OR
ciscoataMatchany
OR
ciscoataMatchany
OR
ciscocisco_unifiedMatch7800_series_ip_phones
OR
ciscounified_attendant_console_advancedMatchany
OR
ciscovideoscape_anyres_liveMatchany
OR
ciscovideoscape_distribution_suite_service_brokerMatchany
OR
ciscounified_ip_phoneMatch7900_series
OR
cisconexus_1000vMatch3000_series_switchnexus_1000v
OR
ciscocisco_policy_suiteMatchany
OR
ciscohosted_collaboration_mediation_fulfillmentMatchany
OR
ciscoregistered_envelope_serviceMatchany

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.969

Percentile

99.7%