Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Advisory ID: cisco-sa-20140605-openssl

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Revision 1.24

Last Updated 2014 November 26 19:45 UTC (GMT)

For Public Release 2014 June 5 22:40 UTC (GMT)

Summary

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:

  • SSL/TLS Man-in-the-Middle Vulnerability
  • DTLS Recursion Flaw Vulnerability
  • DTLS Invalid Fragment Vulnerability
  • SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
  • SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
  • Anonymous ECDH Denial of Service Vulnerability
  • ECDSA NONCE Side-Channel Recovery Attack Vulnerability

Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities may be available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Affected Products

Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product. As the investigation progresses, this document will be updated to include the Cisco bug IDs for each affected product. The bugs will be accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software versions.

The following Cisco products are currently under investigation:

Cable Modems
  • Cisco DPC/EPC 2202 VoIP Cable Modem
  • Cisco DPC/EPC 2203 VoIP Cable Modem
  • Cisco DPC/EPC 3208 VoIP Cable Modem
  • Cisco DPC/EPC2100 Cable Modem
  • Cisco DPC/EPC2325 Residential Gateway with Wireless Access Point
  • Cisco DPC/EPC2425 Wireless Residential Gateway with Embedded Digital Voice Adapter
  • Cisco DPC/EPC2434 VoIP Wireless Home Gateway
  • Cisco DPC/EPC2505 Cable Modem
  • Cisco DPC/EPC2607 Cable Modem
  • Cisco DPC/EPC3010 Cable Modem
  • Cisco DPC/EPC3212 VoIP Cable Modem
  • Cisco DPC2320 and EPC2320 Wireless Residential Gateway
  • Cisco DPC2325R2 and EPC2325R2 Wireless Residential Gateway
  • Cisco DPC2420 and EPC2420 Wireless Residential Gateway with Embedded Digital Voice Adapter
  • Cisco DPC3000/EPC3000 Cable Modem
  • Cisco DPC3008/EPC3008 Cable Modem
  • Cisco DPC3825 and EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco DPC3827 and EPC3827 Wireless Residential Gateway
  • Cisco DPC3828 and EPC3828 DOCSIS/EuroDOCSIS 3.0 8x4 Wireless Residential Gateway
  • Cisco DPC3925 and EPC3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco DPC3928 and EPC3928 DOCSIS/EuroDOCSIS 3.0 8x4 Wireless Residential Gateway with Embedded Digital Voice Adapter
  • Cisco DPC3939 DOCSIS 3.0 16x4 Wireless Residential Voice Gateway
  • Cisco DPQ/EPQ2160 DOCSIS 2.0 Cable Modem
  • Cisco DPQ2202 VoIP Cable Modem
  • Cisco DPQ2425 Wireless Residential Gateway with Digital Voice Adapter
  • Cisco DPQ3212 VoIP Cable Modem
  • Cisco DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco DPR/EPR2320, DPR2325 Cable Modem with Wireless Access Point
  • Cisco DPR362 Cable Modem and Router
  • Cisco DPX/EPX 2203 VoIP Cable Modem
  • Cisco DPX/EPX 2203C VoIP Cable Modem
  • Cisco DPX/EPX2100 Cable Modem
  • Cisco DPX100/120 Cable Modem
  • Cisco DPX110 Cable Modem
  • Cisco DPX130 Cable Modem
  • Cisco DPX213 VoIP Cable Modem
  • Cisco DPX2213 VoIP Cable Modem
  • Cisco Model DPC2420R2 and EPC2420R2 Wireless Residential Gateway with Digital Voice
  • Cisco Model DPC2425R2 and EPC2425R2 Wireless Residential Gateway with Digital Voice

Collaboration and Social Media
  • Cisco SocialMiner
  • Cisco Unified Meeting Place Application Server and Web Server
  • Cisco WebEx Node for ASR 1000 Series
  • Cisco WebEx Node for MCS

Endpoint Clients and Client Software
  • Cisco Agent Desktop
  • Cisco Agent for OpenFlow
  • Cisco Jabber Video for TelePresence (Movi)
  • Cisco Unified Client Services Framework
  • Cisco WebEx Meetings Server (client)
  • Cisco WebEx Meetings for Android
  • Cisco WebEx Meetings for BlackBerry
  • Cisco WebEx Meetings for Windows Phone 8

Meraki Products
  • Cisco Meraki Cloud-Managed Indoor Access Points
  • Cisco Meraki Cloud-Managed Outdoor Access Points
  • Cisco Meraki MS Access Switches
  • Cisco Meraki MX Security Appliances

Network Application, Service, and Acceleration
  • Cisco SCE 1000 Series Service Control Engine
  • Cisco SCE 2000 Series Service Control Engine
  • Cisco SCE 8000 Series Service Control Engine
  • Cisco Service Control Application for Broadband
  • Cisco Service Control Collection Manager
  • Cisco Service Control Subscriber Manager
  • Cisco Wide Area Application Services (WAAS) Express (IOS)

Network and Content Security Devices
  • Cisco FireAMP Private Cloud virtual appliance
  • Cisco Mobility Service Engine (MSE)
  • Cisco NetFlow Generation 3000 Series Appliance
  • Cisco PowerVu D9190 Conditional Access Manager (PCAM)
  • Cisco SSL Services Module (SSLM)
  • Cisco Small Business ISA500 Series Integrated Security Appliances
  • Cisco SourceFire appliances (this includes both 3D Systems and SSL appliances)
  • Cisco Traffic Anomaly Detector
  • Cisco Video Surveillance Media Server Software
  • Cisco Video Surveillance Operations Manager Software
  • Cisco Virtual Security Gateway for Microsoft Hyper-V
  • Cisco Virtual Security Gateway for VMware

Network Management and Provisioning
  • Cisco Common Services Platform Collector
  • Cisco Configuration Professional
  • Cisco Connected Grid Device Manager
  • Cisco Connected Grid Network Management System
  • Cisco Integrated Management Controller (IMC)
  • Cisco Intelligent Automation for Cloud
  • Cisco Multicast Manager
  • Cisco ONS 15454 Series Multiservice Provisioning Platforms
  • Cisco Prime Collaboration Assurance
  • Cisco Prime Collaboration Deployment
  • Cisco Prime Collaboration Manager
  • Cisco Prime IP Express
  • Cisco Prime License Manager
  • Cisco Prime Security Manager
  • Cisco Quantum SON Suite
  • Cisco Remote Silent Monitoring
  • Cisco Virtual Network Management Center

Routing and Switching - Enterprise and Service Provider
  • Cisco 1000 Series Connected Grid Routers
  • Cisco Anomaly Guard Module
  • Cisco CVR100W Wireless-N VPN Router
  • Cisco Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
  • Cisco Content Switching Module with SSL (CSM-S)
  • Cisco ESW2 Series Advanced Switches
  • Cisco MS200X Ethernet Access Switch
  • Cisco MXE 3500 Series
  • Cisco MXE 5600 Series
  • Cisco Nexus 1000V Switch for Microsoft Hyper-V
  • Cisco Nexus 1000V Switch for VMware vSphere
  • Cisco Nexus 1010 Virtual Services Appliance
  • Cisco Nexus 1100 Virtual Services Appliances
  • Cisco ONS 15100 Series
  • Cisco ONS 15200 Series DWDM Systems
  • Cisco ONS 15300 Series
  • Cisco ONS 15500 Series
  • Cisco ONS 15600 Series
  • Cisco ONS 15800 Series DWDM Platforms
  • Cisco Quantum Virtualized Packet Core

Routing and Switching - Small Business
  • Cisco 200 Series Smart Switches
  • Cisco 300 Series Managed Switches
  • Cisco 500 Series Stackable Managed Switches
  • Cisco RV016 VPN Router
  • Cisco RV042 VPN Router
  • Cisco RV082 VPN Router
  • Cisco RV110W Wireless-N VPN Router
  • Cisco RV120W Wireless-N VPN Router
  • Cisco RV180 VPN Router
  • Cisco RV180W Wireless-N VPN Router
  • Cisco RV215W Wireless-N VPN Router
  • Cisco RV220W Wireless-N VPN Router
  • Cisco RV315W Wireless-N VPN Router
  • Cisco RV320 VPN Router
  • Cisco RV325 VPN Router

Unified Computing
  • Cisco UCS C-Series (Standalone Rack) Servers
  • Cisco UCS Fabric Interconnects
  • Cisco UCS Invicta Series Solid State Systems

Voice and Unified Communications Devices
  • Cisco IP Interoperability and Collaboration System (IPICS)
  • Cisco Packaged Contact Center Enterprise
  • Cisco UC Integration for IBM Sametime
  • Cisco UC Integration for Microsoft Office Communicator
  • Cisco Unified 7800 Series IP Phones
  • Cisco Unified Communications Domain Manager
  • Cisco Unified Department Attendant Console
  • Cisco Unified E-Mail Interaction Manager (EIM)
  • Cisco Unified Enterprise Attendant Console
  • Cisco Unified Mobility
  • Cisco Unified Quick Connect
  • Cisco Unified Web Interaction Manager (WIM)
  • Cisco Unified Workforce Optimization

Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco Internet Streamer CDS
  • Cisco Digital Media Manager (DMM)
  • Cisco Edge 300 Digital Media Player
  • Cisco Edge 340 Digital Media Player
  • Cisco Enterprise Content Delivery System (ECDS)
  • Cisco Linear Stream Manager
  • Cisco MediaSense
  • Cisco TelePresence Conductor
  • Cisco TelePresence Management Suite Network Integration Extension
  • Cisco TelePresence Multipoint Switch (CTMS)
  • Cisco TelePresence Recording Server (CTRS)
  • Cisco Video Distribution Suite for Internet Streaming VDS-IS

Wireless
  • Cisco ASR 5000 Series
  • Cisco Mobile Wireless Transport Manager
  • Cisco WAP121 Wireless-N Access Point
  • Cisco WAP321 Wireless Access Point
  • Cisco WAP4410N Wireless-N Access Point
  • Cisco WAP551/561 Wireless-N Access Point
  • Cisco Wireless Location Appliance
  • CiscoWorks Wireless LAN Solution Engine (WLSE)

The following Cisco services are currently under investigation:
  • Cisco Cloud Web Security
  • Cisco Meraki Dashboard
  • Cisco Partner Support Services
  • Cisco Registered Envelope Service (CRES)
  • Cisco Smart Care
  • Cisco Smart Services Capabilities
  • Cisco UCS Invicta Series Autosupport Portal

Products and services listed in the following subsections have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.

Vulnerable Products

Collaboration and Social Media
  • Cisco WebEx Meetings Server versions 1.x (CSCup22555)
  • Cisco WebEx Meetings Server versions 2.x (CSCup22555)

Endpoint Clients and Client Software

Network Application, Service, and Acceleration
  • Cisco ACE Application Control Engine Module (ACE10, ACE20) (CSCup28056)
  • Cisco ACE Application Control Engine Module (ACE30) (CSCup22544)
  • Cisco ACE Application Control Engine Appliance (ACE4710) (CSCup22544)
  • Cisco Wide Area Application Services (WAAS) (CSCup22648)

Network and Content Security Devices
  • Cisco Adaptive Security Appliance (ASA) Software (CSCup22532)
  • Cisco ASA CX Context-Aware Security (CSCup24314)
  • Cisco Content Security Management Appliance (SMA) (CSCup22506)
  • Cisco Email Security Appliance (ESA) (CSCup21571)
  • Cisco NAC Appliance (Clean Access Server) (CSCup24014)
  • Cisco NAC Manager (Clean Access Manager) (CSCup24028)
  • Cisco NAC Guest Server (CSCup24002)
  • Cisco IPS (CSCup22652)
  • Cisco Identity Service Engine (ISE) (CSCup22534)
  • Cisco Physical Access Gateways (CSCup22414)
  • Cisco Secure Access Control Server (ACS) (CSCup22665)
  • Cisco Small Business ISA500 Series Integrated Security Appliances (CSCup24029)
  • Cisco Web Security Appliance (WSA) (CSCup22522)

Network Management and Provisioning

Routing and Switching - Enterprise and Service Provider

Routing and Switching - Small Business
  • Cisco WAG310G Wireless-G ADSL2+ Gateway with VoIP (CSCup22426)

Unified Computing

Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco D9036 Modular Encoding Platform (CSCup23995)
  • Cisco Digital Media Players (DMP) 4300 Series (CSCup92446)
  • Cisco Digital Media Players (DMP) 4400 Series (CSCup92446)
  • Cisco Expressway Series (CSCup25151)
  • Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) (CSCup24156)
  • Cisco IP Video Phone E20 (CSCup23984)
  • Cisco PowerVu D9190 Conditional Access Manager (PCAM) (CSCup24013)
  • Cisco TelePresence Advanced Media Gateway Series (CSCup29733)
  • Cisco TelePresence Content Server (TCS) (CSCup22349)
  • Cisco TelePresence EX Series (CSCup25163)
  • Cisco TelePresence Exchange System (CTX) (CSCup23979)
  • Cisco TelePresence Integrator C Series (CSCup25163)
  • Cisco TelePresence IP Gateway Series (CSCup22636)
  • Cisco TelePresence IP VCR Series (CSCup23998)
  • Cisco TelePresence ISDN GW 3241 (CSCup22632)
  • Cisco TelePresence ISDN GW MSE 8321 (CSCup22632)
  • Cisco TelePresence ISDN Link (CSCup23978)
  • Cisco TelePresence MCU all series (CSCup23994)
  • Cisco TelePresence MX Series (CSCup25163)
  • Cisco TelePresence MXP Series (CSCup23989)
  • Cisco TelePresence Profile Series (CSCup25163)
  • Cisco TelePresence Serial Gateway Series (CSCup22633)
  • Cisco TelePresence Server 8710, 7010 (CSCup22629)
  • Cisco TelePresence Server on Multiparty Media 310, 320 (CSCup22629)
  • Cisco TelePresence Server on Virtual Machine (CSCup22629)
  • Cisco TelePresence Supervisor MSE 8050 (CSCup22635)
  • Cisco TelePresence SX Series (CSCup25163)
  • Cisco TelePresence System 1000 (CSCup22603)
  • Cisco TelePresence System 1100 (CSCup22603)
  • Cisco TelePresence System 1300 (CSCup22603)
  • Cisco TelePresence 1310 (CSCup22603)
  • Cisco TelePresence System 3000 Series (CSCup22603)
  • Cisco TelePresence System 500-32 (CSCup22603)
  • Cisco TelePresence System 500-37 (CSCup22603)
  • Cisco TelePresence TX 9000 Series (CSCup22603)
  • Cisco TelePresence T Series (T3) (CSCup25163)
  • Cisco TelePresence Video Communication Server (VCS) (CSCup25151)
  • Tandberg Codian ISDN GW 3210/3220/3240 (CSCup22632)
  • Tandberg Codian MSE 8320 model (CSCup22632)
  • Tandberg 770/880/990 MXP Series (CSCup23989)
  • Cisco Video Surveillance 3000 Series IP Cameras (CSCup22372)
  • Cisco Video Surveillance 4000 Series IP Cameras (CSCup22381)
  • Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras (CSCup22377)
  • Cisco Video Surveillance 6000 Series IP Cameras (CSCup22372)
  • Cisco Video Surveillance 7000 Series IP Cameras (CSCup22372)
  • Cisco Video Surveillance PTZ IP Cameras (CSCup22372)
  • Cisco Videoscape AnyRes Live (CAL) (CSCup24177)
  • Cisco Virtualization Experience Media Engine (CSCup47300)

Voice and Unified Communications Devices
  • Cisco Agent Desktop for Cisco Unified Contact Center Enterprise and Hosted (CSCup24189)
  • Cisco Agent Desktop for Cisco Unified Contact Center Express (CSCup34257)
  • Cisco ATA 187 Analog Telephone Adaptor (CSCup24458)
  • Cisco ATA 190 Series Analog Telephone Adaptor (CSCup24100)
  • Cisco Desktop Collaboration Experience DX650 (CSCup22514)
  • Cisco Emergency Responder (CER) (CSCup24079)
  • Cisco Paging Server (CSCup24093)
  • Cisco SPA112 2-Port Phone Adapter (CSCup24514)
  • Cisco SPA122 ATA with Router (CSCup24514)
  • Cisco SPA232D Multi-Line DECT ATA (CSCup24514)
  • Cisco SPA300 Series IP Phones (CSCup39003)
  • Cisco SPA500 Series IP Phones (CSCup39003)
  • Cisco SPA510 Series IP Phones (CSCup39003)
  • Cisco SPA525 Series IP Phones (CSCup38998)
  • Cisco TAPI Service Provider (TSP) (CSCup35534)
  • Cisco Computer Telephony Integration Object Server (CTIOS) (CSCup24074)
  • Cisco Unified Attendant Console (all editions) (CSCup23967)
  • Cisco Unified Attendant Console Advanced (CSCup24304)
  • Cisco Unified Communications 500 Series (CSCup22590)
  • Cisco Unified Communications Manager (UCM) (CSCup22670)
  • Cisco Unified Communications Manager Session Management Edition (SME) (CSCup22670)
  • Cisco Unified Communications Widgets Click To Call (CSCup30489)
  • Cisco Unified Contact Center Enterprise (CSCup24074)
  • Cisco Unified Contact Center Express (CSCup24073)
  • Cisco Unified 6900 Series IP Phones (CSCup22596)
  • Cisco Unified 7900 Series IP Phones (CSCup22595)
  • Cisco Unified 8831 IP Phone (CSCup22638)
  • Cisco Unified 8941 IP Phone (CSCup22598)
  • Cisco Unified 8945 IP Phone (CSCup22598)
  • Cisco Unified 8961 IP Phone (CSCup22539)
  • Cisco Unified 9951 IP Phone (CSCup22539)
  • Cisco Unified 9971 IP Phone (CSCup22539)
  • Cisco Unified IM and Presence Services (CUPS) (CSCup22627)
  • Cisco Unified Intelligent Contact Management Enterprise (CSCup24074)
  • Cisco Unified IP Conference Phone 8831 (CSCup37353)
  • Cisco Unified Wireless IP Phone 2920 Series (CSCup37238)
  • Cisco Unity Connection (UC) (CSCup24038)

Wireless
  • Cisco Universal Small Cell 5000 Series running V3.4.2.x software (CSCup22656)
  • Cisco Universal Small Cell 7000 Series running V3.4.2.x software (CSCup22656)
  • Cisco Wireless LAN Controller (WLC) (CSCup22587)
  • Small Cell factory recovery root filesystem V2.99.4 or later (CSCup22656)

The following Cisco services were found to be affected by one or more of the vulnerabilities documented in this advisory.

Products Confirmed Not Vulnerable

Note: The following list includes Cisco applications that are intended to be installed on a customer-provided host (either a physical server or a virtual machine) with a customer-installed operating system. Those products may use the Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) functionality as provided by the host operating system on which the Cisco product is installed. While those Cisco products do not directly include an affected version of OpenSSL (and therefore are not impacted by this vulnerability), Cisco recommends that customers review their host operating system installation and perform any upgrades necessary to address this vulnerability, according to the operating system vendor recommendations and general operating system security best practices.

The following Cisco products have been analyzed and are not affected by this vulnerability:

Collaboration and Social Media
  • Cisco Show and Share (SnS)
  • Cisco WebEx Social

Endpoint Clients and Client Software
  • Cisco IP Communicator
  • Cisco NAC Agent (Clean Access) for Mac
  • Cisco NAC Agent (Clean Access) for Web
  • Cisco NAC Agent (Clean Access) for Windows
  • Cisco Unified Personal Communicator
  • Cisco Unified Video Advantage
  • Cisco WebEx Productivity Tools

Network Application, Service, and Acceleration
  • Cisco Application and Content Networking System (ACNS) Software
  • Cisco Wide Area Application Services (WAAS) Mobile

Network and Content Security Devices
  • Cisco IronPort Encryption Appliance (IEA)
  • Cisco Physical Access Manager
  • Cisco Unified Intelligence Center

Network Management and Provisioning
  • Cisco Adaptive Security Device Manager (ASDM)
  • Cisco Extensible Network Controller (XNC)
  • Cisco Insight Reporter
  • Cisco Prime Analytics
  • Cisco Prime Assurance Manager
  • Cisco Prime Cable Provisioning
  • Cisco Prime Central for SPs
  • Cisco Prime Collaboration Provisioning version 10.0 and prior
  • Cisco Prime Home
  • Cisco Prime Provisioning for SPs
  • Cisco Prime Unified Provisioning Manager (CUPM)
  • Cisco Unified Intelligence Center
  • CiscoWorks Network Compliance Manager

Routing and Switching - Enterprise and Service Provider
  • Cisco ACE Global Site Selector Appliances (GSS)
  • Cisco Nexus 4000 Series Switches

Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco D9034-S Encoder
  • Cisco D9054 HDTV Encoder
  • Cisco D9804 Multiple Transport Receiver
  • Cisco D9824 Advanced Multi Decryption Receiver
  • Cisco D9854/D9854-I Advanced Program Receiver
  • Cisco D9858 Advanced Receiver Transcoder
  • Cisco D9859 Advanced Receiver Transcoder
  • Cisco D9865 Satellite Receiver
  • Cisco Linear Stream Manager
  • Cisco TelePresence Manager (CTSMan)
  • Cisco TelePresence Management Suite (TMS)
  • Cisco TelePresence Management Suite Analytics Extension
  • Cisco TelePresence Management Suite Extension for IBM Lotus Notes
  • Cisco TelePresence Management Suite Extension for Microsoft Exchange
  • Cisco TelePresence Management Suite Provisioning Extension
  • Cisco Videoscape AnyRes VOD (CAV)

Voice and Unified Communications Devices
  • Cisco Billing and Measurements Server (BAMS)
  • Cisco Finesse
  • Cisco MGC Node Manager (CMNM)
  • Cisco SPA8000 8-port IP Telephony Gateway
  • Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
  • Cisco Prime Unified Operations Manager
  • Cisco Prime Unified Service Monitor
  • Cisco UC Integration for Microsoft Lync
  • Cisco Unified 3900 Series IP Phones
  • Cisco Unified Contact Center Domain Manager (CCDM)
  • Cisco Unified Contact Center Management Portal (CCMP)
  • Cisco Unified Service Statistics Manager
  • Cisco Unified Sip Proxy
  • Cisco Unified Customer Voice Portal (CVP)
  • Cisco PGW 2200 (PGW) Softswitch
  • Cisco Virtual PGW 2200 (vPGW) Softswitch

Wireless
  • Cisco Broadband Access Center Telco Wireless
  • Cisco Wireless Control System (WCS)

The following Cisco services have been evaluated and determined to be not vulnerable:
  • Cisco Content Security Appliance Updater Servers
  • Cisco One Portal
  • Cisco Services Provisioning Platform
  • Cisco SmartAdvisor (CDS)
  • Cisco Smart Net Total Care (SNTC)
  • Cisco WebEx Event Center
  • Cisco WebEx Meeting Center
  • Cisco WebEx Support Center
  • Cisco WebEx Training Center
  • Cisco WebEx WebOffice
  • Cisco Unified Services Delivery Platform (CUSDP)
  • Cisco Universal Small Cell CloudBase

Details

The OpenSSL Project disclosed seven vulnerabilities on June 5, 2014. One or more of these vulnerabilities affect both client and server installations of OpenSSL. The vulnerability names and the associated Common Vulnerabilities and Exposures (CVE) IDs are as follows.

The impact of these vulnerabilities on Cisco products may vary depending on the affected product.

For Cisco products, please refer to the information provided in the Cisco bug IDs listed in the Affected Products section of this document. Additional information and detailed instructions are available in the Cisco installation, configuration, and maintenance guides for each product. If additional clarification or advice is needed, please contact your support organization.

SSL/TLS Man-in-the-Middle Vulnerability

An unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server could successfully execute a man-in-the-middle attack.

This vulnerability has been assigned CVE ID CVE-2014-0224.

DTLS Recursion Flaw Vulnerability

An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device.

This vulnerability has been assigned CVE ID CVE-2014-0221.

DTLS Invalid Fragment Vulnerability

An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges.

This vulnerability has been assigned CVE ID CVE-2014-0195.

SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability

An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device.

This vulnerability has been assigned CVE ID CVE-2014-0198.

SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability

An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition.

This vulnerability has been assigned CVE ID CVE-2010-5298.

Anonymous ECDH Denial of Service Vulnerability

An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition.

This vulnerability has been assigned CVE ID CVE-2014-3470.

ECDSA NONCE Side-Channel Recovery Attack Vulnerability

An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications.

This vulnerability has been assigned CVE ID CVE-2014-0076.

For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt

Vulnerability Scoring Details

Cisco has scored the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this security advisory is in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps organizations determine the urgency and priority of a response.

Cisco has provided a base and temporal score. Customers can also compute environmental scores that help determine the impact of the vulnerability in their own networks.

Cisco has provided additional information regarding CVSS at the following link:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to compute the environmental impact for individual networks at the following link:
http://intellishield.cisco.com/security/alertmanager/cvss

SSL/TLS Man-in-the-Middle Vulnerability

CVE-2014-0224

CVSS Base Score - 4.3
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       Partial
  Availability Impact:    None

CVSS Temporal Score - 3.6
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

DTLS Recursion Flaw Vulnerability

CVE-2014-0221

CVSS Base Score - 7.1
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 5.9
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

DTLS Invalid Fragment Vulnerability

CVE-2014-0195

CVSS Base Score - 10.0
  Access Vector:          Network
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: Complete
  Integrity Impact:       Complete
  Availability Impact:    Complete

CVSS Temporal Score - 8.3
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability

CVE-2014-0198

CVSS Base Score - 7.1
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 7.8
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability

CVE-2010-5298

CVSS Base Score - 7.8
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       Partial
  Availability Impact:    Complete

CVSS Temporal Score - 6.4
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

Anonymous ECDH Denial of Service Vulnerability

CVE-2014-3470

CVSS Base Score - 7.1
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 7.8
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

ECDSA NONCE Side-Channel Recovery Attack Vulnerability

CVE-2014-0076

CVSS Base Score - 1.9
  Access Vector:          Local
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: Partial
  Integrity Impact:       None
  Availability Impact:    None

CVSS Temporal Score - 1.6
  Exploitability:         Functional
  Remediation Level:      Official Fix
  Report Confidence:      Confirmed

Impact

Successful exploitation of these vulnerabilities may allow an attacker to perform a man-in-the-middle attack, create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges.

To determine the impact on a specific Cisco product, refer to the Cisco bug ID, available from the Cisco Bug Search Tool.

Software Versions and Fixes

When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Workarounds

For potential workarounds on a specific Cisco product, refer to the Cisco bug ID, available from the Cisco Bug Search Tool.

Cisco has published an Event Response for this vulnerability:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_OpenSSL_06052014.html

Obtaining Fixed Software

Cisco will release free software updates that address the vulnerabilities described in this advisory as affected products are identified. Prior to deploying software, customers are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Customers may only install and expect support for feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.

Customers with Service Contracts

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, upgrades should be obtained through the Software Navigator on Cisco.com at http://www.cisco.com/cisco/software/navigator.html.

Customers using Third Party Support Organizations

Customers with Cisco products that are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers, should contact that organization for assistance with the appropriate course of action.

The effectiveness of any workaround or fix depends on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Because of the variety of affected products and releases, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed.

Customers without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
  • +1 800 553 2447 (toll free from within North America)
  • +1 408 526 7209 (toll call from anywhere in the world)
  • email: tac@cisco.com

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Customers without service contracts should request free upgrades through the TAC.

Refer to Cisco Worldwide Contacts at http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, instructions, and email addresses for support in various languages.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.

These vulnerabilities were publicly disclosed by the OpenSSL Project on June 5, 2014.

Status of this Notice: Interim

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.


Distribution

This advisory is posted on Cisco Security at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Additionally, a text version of this advisory is clear-signed with the Cisco PSIRT PGP key and circulated to the following email addresses:
  • cust-security-announce@cisco.com
  • first-bulletins@lists.first.org
  • bugtraq@securityfocus.com
  • vulnwatch@vulnwatch.org
  • cisco@spot.colorado.edu
  • cisco-nsp@puck.nether.net
  • fulldisclosure@seclists.org

Future updates of this advisory, if any, will reside on Cisco.com but may not be announced on mailing lists. Users can monitor this advisory's URL for any updates.

Revision History

Revision 1.24 2014-November-26 Updated the Affected Products and Products Confirmed Not Vulnerable sections.
Revision 1.23 2014-November-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.22 2014-October-30 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.21 2014-August-06 Updated the Affected Products and Vulnerable Products sections. Linked bug IDs of currently known affected products.
Revision 1.20 2014-July-30 Added secondary bug ID CSCup22663 for Nexus 2000, 5000, 5600, and 6000. Updated the Vulnerable Products section. Linked bug IDs of currently known affected products.
Revision 1.19 2014-July-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.18 2014-July-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.17 2014-July-14 Updated the Affected Products and Vulnerable Products sections. Linked bug IDs of currently known affected products.
Revision 1.16 2014-July-09 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.15 2014-July-07 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.14 2014-July-03 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.13 2014-June-27 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.12 2014-June-25 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.11 2014-June-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.10 2014-June-20 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.9 2014-June-19 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.8 2014-June-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.7 2014-June-16 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.6 2014-June-13 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.5 2014-June-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.4 2014-June-11 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.3 2014-June-10 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Provided clarification in Products Confirmed Not Vulnerable section regarding customer-maintained operating systems.
Revision 1.2 2014-June-09 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
Revision 1.1 2014-June-06 Updated the Affected Products and Products Confirmed Not Vulnerable sections.
Revision 1.0 2014-June-05 Initial public release.

Cisco Security Procedures

Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at http://www.cisco.com/go/psirt.