Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: - CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability - CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability - CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability - CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability - CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability - CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability - CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability - CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.