Lucene search

K
ciscoCiscoCISCO-SA-20160927-OPENSSL
HistorySep 27, 2016 - 10:40 p.m.

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

2016-09-2722:40:00
tools.cisco.com
251

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.911

Percentile

98.9%

On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.”

Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.”

Of the 16 released vulnerabilities:

Fourteen track issues that could result in a denial of service (DoS) condition
One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality
One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system
Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl”]

Affected configurations

Vulners
Node
ciscoapplication_and_content_networking_system_softwareMatchany
OR
ciscoprime_access_registrarMatchany
OR
ciscoemergency_responderMatchany
OR
ciscounified_contact_center_hostedMatchany
OR
ciscoios_xr_softwareMatchany
OR
ciscocisco_ons_15454_system_softwareMatchany
OR
ciscounity_expressMatchany
OR
cisconac_applianceMatchany
OR
ciscointrusion_prevention_systemMatchany
OR
ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatchany
OR
ciscoace_application_control_engine_module_a3Matchany
OR
ciscocisco_wide_area_application_services_\(waas\)Matchany
OR
ciscowireless_lan_controllerMatchany
OR
ciscounified_contact_center_enterpriseMatchany
OR
ciscounified_meetingplaceMatchany
OR
ciscoip_interoperability_and_collaboration_systemMatchany
OR
ciscounity_connectionMatchany
OR
ciscotelepresence_mx200Matchany
OR
ciscosecurity_managerMatchany
OR
ciscoace_4700_series_application_control_engine_applianceMatchany
OR
ciscounified_contact_center_expressMatchany
OR
ciscocisco_ios_xe_softwareMatchany
OR
ciscovideo_surveillance_media_serverMatchany
OR
ciscodigital_media_playerMatchany
OR
ciscodigital_media_managerMatchany
OR
cisconetwork_analysis_module_softwareMatchany
OR
ciscowebex_event_centerMatchany
OR
ciscowebex_meeting_centerMatchany
OR
ciscowebex_support_centerMatchany
OR
ciscowebex_training_centerMatchany
OR
cisconetwork_admission_controlMatchany
OR
ciscoanyconnect_secure_mobility_clientMatchany
OR
ciscoshow_and_shareMatchany
OR
ciscomobility_services_engineMatchany
OR
ciscoidentity_services_engine_softwareMatchany
OR
ciscotelepresence_video_communication_serverMatchany
OR
ciscoprime_data_center_network_managerMatchany
OR
cisco300_series_managed_switchesMatchany
OR
ciscosmall_business_500_series_stackable_managed_switches_firmwareMatchany
OR
ciscoata_187_analog_telephone_adaptorMatchany
OR
ciscoprime_lan_management_solutionMatchany
OR
ciscounified_communications_domain_managerMatchany
OR
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_applianceMatchany
OR
ciscoprime_infrastructureMatchany
OR
ciscoconnected_grid_network_management_systemMatchany
OR
ciscocisco_jabber_im_for_androidMatchany
OR
ciscowebex_meetings_serverMatchany
OR
ciscowebex_node_for_mcsMatchany
OR
ciscounified_computing_system_central_softwareMatchany
OR
ciscocisco_jabber_for_windowsMatchany
OR
ciscoenterprise_content_delivery_systemMatchany
OR
ciscoasr_5000_series_softwareMatchany
OR
ciscounified_ip_phone_8945Matchany
OR
ciscosocialminerMatchany
OR
ciscomediasenseMatchany
OR
ciscotelepresence_system_tx9000Matchany
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscounified_sip_proxyMatchany
OR
ciscomedia_experience_engineMatchany
OR
ciscocisco_nexus_1000v_intercloudMatchanyvmware
OR
ciscoprime_network_registrarMatchany
OR
ciscoucs_directorMatchany
OR
ciscodigital_content_managerMatchany
OR
ciscounified_intelligence_centerMatchany
OR
cisconexus_1000vMatchanynexus_1000v
OR
ciscoexpresswayMatchany
OR
ciscoprime_opticalMatchany
OR
ciscojabber_guestMatchany
OR
ciscocisco_visual_quality_experienceMatchany
OR
ciscotelepresence_serial_gatewayMatchany
OR
ciscoprime_license_managerMatchany
OR
ciscoprime_collaboration_deploymentMatchany
OR
ciscocisco_plug-in_for_openflowMatchany
OR
ciscoip_contact_center_expressMatchany
OR
ciscocisco_onepk_all-in-one_virtual_machineMatchany
OR
ciscoprime_network_services_controllerMatchany
OR
ciscotelepresence_isdn_gw_3241Matchany
OR
ciscotelepresence_conductorMatchany
OR
ciscounified_workforce_optimizationMatchany
OR
ciscovideo_surveillance_2500_series_ip_cameraMatchany
OR
ciscovideo_surveillance_2500_series_ip_cameraMatchany
OR
ciscocisco_video_surveillance_7000_series_ip_camerasMatchany
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscocisco_webex_meetings_for_androidMatchany
OR
ciscocisco_webex_meetings_for_windows_phone_8Matchany
OR
ciscofirepower_system_softwareMatchany
OR
ciscoip_phone_8800_seriesMatchany
OR
ciscoucs_b-series_blade_server_softwareMatchany
OR
ciscoprime_collaboration_assuranceMatchany
OR
ciscoprime_collaboration_provisioningMatchany
OR
ciscojabber_software_development_kitMatchany
OR
ciscocisco_jabber_for_macMatchany
OR
ciscocisco_jabber_for_iosMatchany
OR
ciscoapplication_infrastructure_controllerMatchany
OR
ciscopacket_tracerMatchany
OR
ciscoprime_networkMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoagent_desktopMatchany
OR
ciscodx_series_ip_phones_firmwareMatchany
OR
ciscopaging_serverMatchany
OR
ciscospa112_2-port_phone_adapter_firmwareMatchany
OR
ciscoataMatchany
OR
ciscoataMatchany
OR
ciscounified_attendant_console_advancedMatchany
OR
ciscovideoscape_distribution_suite_service_brokerMatchany
OR
ciscoip_phone_7800_series_firmwareMatchany
OR
ciscounified_ip_phone_7900_series_firmwareMatchany
OR
cisconexus_3000Matchany
OR
ciscocisco_policy_suiteMatchany
OR
ciscosmall_business_220_series_smart_plus_switchesMatchany
OR
ciscohosted_collaboration_mediation_fulfillmentMatchany
OR
ciscoregistered_envelope_serviceMatchany
OR
ciscoapplication_and_content_networking_system_softwareMatchany
OR
ciscoprime_access_registrarMatchany
OR
ciscoemergency_responderMatchany
OR
ciscounified_contact_center_hostedMatchany
OR
ciscoios_xr_softwareMatchany
OR
ciscoonsMatch15454_system_software
OR
ciscounity_expressMatchany
OR
cisconac_applianceMatchany
OR
ciscointrusion_prevention_systemMatchany
OR
ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatchany
OR
ciscoace_application_control_engine_module_a3Matchany
OR
ciscocisco_wide_area_application_services_\(waas\)Matchany
OR
ciscowireless_lan_controllerMatchany
OR
ciscounified_contact_center_enterpriseMatchany
OR
ciscounified_meetingplaceMatchany
OR
ciscoip_interoperability_and_collaboration_systemMatchany
OR
ciscounity_connectionMatchany
OR
ciscotelepresence_mx200Matchany
OR
ciscosecurity_managerMatchany
OR
ciscoace_4710Match4700_series_application_control_engine_appliances
OR
ciscounified_contact_center_expressMatchany
OR
ciscocisco_ios_xe_softwareMatchany
OR
ciscovideo_surveillance_media_serverMatchany
OR
ciscodigital_media_playerMatchany
OR
ciscodigital_media_managerMatchany
OR
cisconetwork_analysis_module_softwareMatchany
OR
ciscowebex_event_centerMatchany
OR
ciscowebex_meeting_centerMatchany
OR
ciscowebex_support_centerMatchany
OR
ciscowebex_training_centerMatchany
OR
cisconetwork_admission_controlMatchany
OR
ciscoanyconnect_secure_mobility_clientMatchany
OR
ciscoshow_and_shareMatchany
OR
ciscomobility_services_engineMatchany
OR
ciscoidentity_services_engine_softwareMatchany
OR
ciscotelepresence_video_communication_serverMatchany
OR
ciscoprime_data_center_network_managerMatchany
OR
ciscosmall_business_srp541wMatch300_series_managed_switches
OR
ciscosmall_business_srp541wMatch500_series_stackable_managed_switches
OR
ciscoataMatch187_analog_telephone_adaptor
OR
ciscoprime_lan_management_solutionMatchany
OR
ciscounified_communications_domain_managerMatchany
OR
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_applianceMatchany
OR
ciscoprime_infrastructureMatchany
OR
ciscoconnected_grid_network_management_systemMatchany
OR
ciscocisco_jabber_im_for_androidMatchany
OR
ciscowebex_meetings_serverMatchany
OR
ciscowebex_node_for_mcsMatchany
OR
ciscounified_computing_system_central_softwareMatchany
OR
ciscocisco_jabber_for_windowsMatchany
OR
ciscoenterprise_content_delivery_systemMatchany
OR
ciscoasr_1006Match5000_series_software
OR
ciscounified_ip_phoneMatch8945
OR
ciscosocialminerMatchany
OR
ciscomediasenseMatchany
OR
ciscotelepresence_system_tx9000Matchany
OR
ciscocisco_video_surveillanceMatch4000_series_ip_camera
OR
ciscounified_sip_proxyMatchany
OR
ciscocisco_mxeMatch3500_\(media_experience_engine\)
OR
ciscocisco_nexusMatch1000v_intercloud_for_vmware
OR
ciscoprime_network_registrarMatchany
OR
ciscoucs_directorMatchany
OR
ciscodigital_content_managerMatchany
OR
ciscounified_intelligence_centerMatchany
OR
ciscocisco_nexusMatch1000v_switch
OR
ciscoexpresswayMatchany
OR
ciscoprime_opticalMatchany
OR
ciscojabber_guestMatchany
OR
ciscocisco_visual_quality_experienceMatchany
OR
ciscotelepresence_serial_gatewayMatchany
OR
ciscoprime_license_managerMatchany
OR
ciscoprime_collaboration_deploymentMatchany
OR
ciscocisco_plug-in_for_openflowMatchany
OR
ciscoip_contact_center_expressMatchany
OR
ciscocisco_onepk_all-in-one_virtual_machineMatchany
OR
ciscoprime_network_services_controllerMatchany
OR
ciscotelepresence_isdn_gw_3241Matchany
OR
ciscotelepresence_conductorMatchany
OR
ciscounified_workforce_optimizationMatchany
OR
ciscocisco_video_surveillanceMatch3000_series_ip_cameras
OR
ciscocisco_video_surveillanceMatch6000_series_ip_cameras
OR
ciscocisco_video_surveillanceMatch7000_series_ip_cameras
OR
ciscovideo_surveillance_4000_ip_cameraMatchany
OR
ciscocisco_webex_meetings_for_androidMatchany
OR
ciscocisco_webex_meetings_for_windows_phoneMatch8
OR
ciscofirepower_system_softwareMatchany
OR
ciscounified_ip_phoneMatch8800_series_software
OR
ciscoucs_b-series_blade_server_softwareMatchany
OR
ciscoprime_collaboration_assuranceMatchany
OR
ciscoprime_collaboration_provisioningMatchany
OR
ciscojabber_software_development_kitMatchany
OR
ciscocisco_jabber_for_macMatchany
OR
ciscocisco_jabber_for_iosMatchany
OR
ciscoapplication_infrastructure_controllerMatchany
OR
ciscopacket_tracerMatchany
OR
ciscoprime_networkMatchany
OR
ciscoprime_security_managerMatchany
OR
ciscoagent_desktopMatchany
OR
ciscodx_series_ip_phones_firmwareMatchany
OR
ciscopaging_serverMatchany
OR
ciscocisco_spa112Match2-port_phone_adapter
OR
ciscoataMatchany
OR
ciscoataMatchany
OR
ciscounified_attendant_console_advancedMatchany
OR
ciscovideoscape_distribution_suite_service_brokerMatchany
OR
ciscounified_ip_phoneMatch7800_series
OR
ciscounified_ip_phoneMatch7900_series
OR
ciscocisco_nexusMatch3000_series_switch
OR
ciscocisco_policy_suiteMatchany
OR
ciscosmall_business_srp541wMatch220_series_smart_plus_switches
OR
ciscohosted_collaboration_mediation_fulfillmentMatchany
OR
ciscoregistered_envelope_serviceMatchany
VendorProductVersionCPE
ciscoapplication_and_content_networking_system_softwareanycpe:2.3:a:cisco:application_and_content_networking_system_software:any:*:*:*:*:*:*:*
ciscoprime_access_registraranycpe:2.3:a:cisco:prime_access_registrar:any:*:*:*:*:*:*:*
ciscoemergency_responderanycpe:2.3:a:cisco:emergency_responder:any:*:*:*:*:*:*:*
ciscounified_contact_center_hostedanycpe:2.3:a:cisco:unified_contact_center_hosted:any:*:*:*:*:*:*:*
ciscoios_xr_softwareanycpe:2.3:o:cisco:ios_xr_software:any:*:*:*:*:*:*:*
ciscocisco_ons_15454_system_softwareanycpe:2.3:o:cisco:cisco_ons_15454_system_software:any:*:*:*:*:*:*:*
ciscounity_expressanycpe:2.3:h:cisco:unity_express:any:*:*:*:*:*:*:*
cisconac_applianceanycpe:2.3:h:cisco:nac_appliance:any:*:*:*:*:*:*:*
ciscointrusion_prevention_systemanycpe:2.3:a:cisco:intrusion_prevention_system:any:*:*:*:*:*:*:*
ciscocisco_adaptive_security_appliance_\(asa\)_softwareanycpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:any:*:*:*:*:*:*:*
Rows per page:
1-10 of 1311

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.911

Percentile

98.9%