Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

Information

Severity

Medium

Family

CISCO

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Vendor Patch

Created

6 years ago

Modified

3 years ago

Summary

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack.

On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:

- CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability
- CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability
- CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability
- CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability
- CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
- CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability
- CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability
- CVE-2014-3570: OpenSSL BN_sqr Function Incorrect Mathematical Results Issue

Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

See the referenced vendor advisory for a solution.