3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM/Cisco switches and directors.
CVE-ID: CVE-2014-3566
DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cisco switches running the 6.2.x and 5.2.x releases
IBM MTM:
9710-E06MDS 9706 Director
9711-S48MDS 9148S Switch
9710-E01MDS 9250i Multilayer Fabric Switch
9710-E08MDS 9710 Director
2054-E01MDS 9222i Multilayer Fabric Switch
2054-E04(2062-D04) MDS 9506 Multilayer Director
**2054-E11 (**2062-E11) MDS 9513 Multilayer Director
2054-E07(2062-D07) MDS 9509 Multilayer Director
2053-424(2417-C24) MDS 9124 Fabric Switch
2053-434(2053-S34) MDS 9134 Fabric Switch
2417-C48MDS 9148 Fabric Switch
3722-S515010 Switch
3722-S525020 Switch
Release 5.2.8f:_
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528f.html
**
Release 6.2.11b**:
_http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_6_2_11b.html
NA
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%