Cisco: CISCO-SA-20170130-OPENSSL
Jan 30, 2017 - 9:28 p.m.

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

2017-01-30 21:28:00
tools.cisco.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.954
Percentile: 99.4%

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The advisory also included one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and covered in the Cisco Security Advisory "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016" (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl). OpenSSL classifies all the new vulnerabilities as "Moderate Severity."

The first vulnerability affects only OpenSSL running on 32-bit system architectures and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side; it may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on the x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.

Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.

There are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730.

On February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high severity vulnerability identified by CVE ID CVE-2017-3733.

There are no Cisco products affected by this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

Affected configurations

Each entry is listed as vendor, product, and version match:

cisco prime_access_registrar (match: any)
cisco emergency_responder (match: any)
cisco unified_contact_center_hosted (match: any)
cisco ios_xr_software (match: any)
cisco wireless_lan_controller (match: any)
cisco unity_connection (match: any)
cisco telepresence_e20 (match: any)
cisco unified_contact_center_express (match: any)
cisco cisco_ios_and_ios-xe_software (match: any)
cisco video_surveillance_media_server (match: any)
cisco digital_media_player (match: any)
cisco network_analysis_module_software (match: any)
cisco webex_meeting_center (match: any)
cisco mobility_services_engine (match: any)
cisco identity_services_engine_software (match: any)
cisco telepresence_video_communication_server (match: any)
cisco prime_data_center_network_manager (match: any)
cisco ata_187_analog_telephone_adaptor (match: any)
cisco email_security_appliance (match: any)
cisco content_security_management_appliance (match: any)
cisco prime_infrastructure (match: any)
cisco connected_grid_network_management_system (match: any)
cisco webex_meetings_server (match: any)
cisco cisco_jabber_for_windows (match: any)
cisco asr_5000_series_software (match: any)
cisco finesse (match: any)
cisco unified_ip_phone_8945 (match: any)
cisco socialminer (match: any)
cisco mediasense (match: any)
cisco cisco_nexus_1000v_intercloud (match: any vmware)
cisco prime_network_registrar (match: any)
cisco ucs_director (match: any)
cisco unified_intelligence_center (match: any)
cisco application_policy_infrastructure_controller_(apic) (match: any)
cisco expressway (match: any)
cisco prime_optical (match: any)
cisco jabber_guest (match: any)
cisco prime_license_manager (match: any)
cisco prime_collaboration_deployment (match: any)
cisco mate_collector (match: any)
cisco mate_live (match: any)
cisco ip_contact_center_express (match: any)
cisco telepresence_conductor (match: any)
cisco firepower_system_software (match: any)
cisco ip_phone_8800_series (match: any)
cisco ucs_b-series_blade_server_software (match: any)
cisco prime_collaboration_assurance (match: any)
cisco jabber_software_development_kit (match: any)
cisco cisco_jabber_for_mac (match: any)
cisco prime_security_manager (match: any)
cisco agent_desktop (match: any)
cisco unified_attendant_console_advanced (match: any)
cisco ip_phone_7800_series_firmware (match: any)
cisco nexus_3000 (match: any)
cisco hosted_collaboration_mediation_fulfillment (match: any)

Vendor | Product | Version | CPE
cisco | prime_access_registrar | any | cpe:2.3:a:cisco:prime_access_registrar:any:*:*:*:*:*:*:*
cisco | emergency_responder | any | cpe:2.3:a:cisco:emergency_responder:any:*:*:*:*:*:*:*
cisco | unified_contact_center_hosted | any | cpe:2.3:a:cisco:unified_contact_center_hosted:any:*:*:*:*:*:*:*
cisco | ios_xr_software | any | cpe:2.3:o:cisco:ios_xr_software:any:*:*:*:*:*:*:*
cisco | wireless_lan_controller | any | cpe:2.3:h:cisco:wireless_lan_controller:any:*:*:*:*:*:*:*
cisco | unity_connection | any | cpe:2.3:a:cisco:unity_connection:any:*:*:*:*:*:*:*
cisco | telepresence_e20 | any | cpe:2.3:h:cisco:telepresence_e20:any:*:*:*:*:*:*:*
cisco | unified_contact_center_express | any | cpe:2.3:a:cisco:unified_contact_center_express:any:*:*:*:*:*:*:*
cisco | cisco_ios_and_ios-xe_software | any | cpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:any:*:*:*:*:*:*:*
cisco | video_surveillance_media_server | any | cpe:2.3:a:cisco:video_surveillance_media_server:any:*:*:*:*:*:*:*