-
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The same advisory restated one vulnerability that had already been disclosed in the OpenSSL advisory of November 2016 and was covered in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016. OpenSSL classifies all three new vulnerabilities as “Moderate Severity.”
The first vulnerability affects only OpenSSL builds running on 32-bit system architectures and may cause OpenSSL to crash. The second vulnerability affects only OpenSSL version 1.1.0 and only when OpenSSL is used on the client side; it may cause OpenSSL to crash when the client connects to a malicious server. The third vulnerability affects only systems based on the x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to obtain sensitive private key information.
Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.
There are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730.
On February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high-severity vulnerability identified by CVE ID CVE-2017-3733.
There are no Cisco products affected by this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl
-
Cisco investigated its product line to determine which products may be affected by these vulnerabilities and the impact on each affected product. Refer to the "Vulnerable Products" and "Products Confirmed Not Vulnerable" sections of this advisory for information about whether a product is affected.
The "Vulnerable Products" section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
There are no Cisco products affected by the vulnerabilities identified by CVE IDs CVE-2017-3730 and CVE-2017-3733.
Vulnerable Products
Each entry below lists the product, its Cisco bug ID, and the fixed release availability as published at the time of this revision. An empty third column means no fixed release had been announced; consult the bug for the current status.
Product | Cisco Bug ID | Fixed Release Availability
Collaboration and Social Media
- Cisco SocialMiner | CSCvc98364 |
- Cisco WebEx Meetings Server Releases 1.x | CSCvc94595 | CWMS 2.8 (31-March-2017)
- Cisco WebEx Meetings Server Releases 2.x | CSCvc94595 | CWMS 2.8 (31-March-2017)
Endpoint Clients and Client Software
- Cisco Jabber Guest | CSCvc94762 | 11.0(1) (31-May-2017)
- Cisco Jabber Software Development Kit | CSCvc94759 | 11.9 (30-June-2017)
- Cisco Jabber for Mac | CSCvc94758 | 11.9 (30-June-2017)
- Cisco Jabber for Windows | CSCvc94760 | 11.9.0 (28-Jun-2017)
- Cisco WebEx Business Suite | CSCvc94597 | NBR 3.6.0 (30-March-2017)
- Cisco WebEx Meetings Client - Hosted | CSCvc96091 | 31.12 (28-Feb-2017)
- Cisco WebEx Meetings Client - On-Premises | CSCvc96090 | 31.12 (28-Feb-2017)
- Cisco WebEx Meetings Server - Multimedia Platform (MMP) | CSCvc96092 | 6.0.325 (Available)
Network and Content Security Devices
- Cisco Content Security Appliance Update Servers | CSCvc94591 | 2.0.3-111 (3-Mar-2017)
- Cisco Content Security Management Appliance (SMA) | CSCvc94590 | 11.5 (September-2017)
- Cisco Email Security Appliance (ESA) | CSCvc94585 | 11.5 (September-2017)
- Cisco FireSIGHT System Software | CSCvc94589 | 6.2.0.1 (April-2017); 6.1.0.3 (July-2017); 6.0.1.3 (June-2017); 5.4.0.11/5.4.1.10 (July-2017)
- Cisco Identity Services Engine (ISE) | CSCvc94692 |
- Cisco Web Security Appliance (WSA) | CSCvc94592 | 11.5 (September-2017)
Network Management and Provisioning
- Cisco Application Policy Infrastructure Controller (APIC) | CSCvc96095 | 2.3 (June-2017)
- Cisco MATE Collector | CSCvc94716 |
- Cisco MATE Design | CSCvc94716 |
- Cisco MATE Live | CSCvc94716 |
- Cisco NetFlow Generation Appliance | CSCvc94643 | 1.1.1 (13-April-2017); 1.1.1a (13-April-2017)
- Cisco Network Analysis Module | CSCvc94637 | 6.2.1 (13-April-2017); 6.2.2 (13-April-2017)
- Cisco Prime Access Registrar | CSCvc94632 | 8.0 (30-July-2017)
- Cisco Prime Collaboration Assurance | CSCvc96099 | Fix already available in PCA 11.6
- Cisco Prime Collaboration Deployment | CSCvc96106 |
- Cisco Prime Data Center Network Manager | CSCvc94601 | 10.2.1 (21-April-2017)
- Cisco Prime IP Express | CSCvc94634 | 8.3.5 (28-Feb-2017)
- Cisco Prime Infrastructure | CSCvc94641 | 3.2 (31-March-2017); 3.1.6 (31-March-2017)
- Cisco Prime License Manager | CSCvc94662 | 11.5 (1.12001-2) (7-April-2017)
- Cisco Prime Network Registrar | CSCvc94629 | 8.3.5 (28-Feb-2017)
- Cisco Prime Optical for Service Providers | CSCvc94633 | 10.6.1.0 (Feb-2017)
- Cisco Prime Performance Manager | CSCvc94623 | SP1703 (31-March-2017)
- Cisco Smart Net Total Care - Local Collector appliance | CSCvc94723 | 2.2.14 (10-Feb-2017)
- Cisco Unified Intelligence Center | CSCvc98361 |
Routing and Switching - Enterprise and Service Provider
- Cisco ASR 5000 Series | CSCvc94556 | 21.2.0 (30-April-2017)
- Cisco Application Policy Infrastructure Controller (APIC) | CSCvc94602 | 2.3 (July-2017)
- Cisco Connected Grid Routers | CSCvc94730 | 15.6(3)M2 (31-Mar-2017)
- Cisco IOS XR Software | CSCvc94649 | 6.3.1
- Cisco IOS and Cisco IOS XE Software | CSCvc94729 | 16.6 (15-Feb-2017)
- Cisco MDS 9000 Series Multilayer Switches | CSCvc94605 | 6.2.21: no fix available yet; 8.2.1 (Sept. 2017); 7.0.3.I6 (Mar. 2017)
- Cisco MDS 9000 Series Multilayer Switches | CSCvc94606 | MDS 9000: 6.2.21, no fix available yet; N5K and N6K: No Fix Expected; N7K: 8.2.1 (Sept. 2017); N3K and N9K: 7.0.3.I6 (April 2017)
- Cisco Nexus 1000V InterCloud | CSCvc94604 | No Fix Expected
- Cisco Nexus 3000 Series Switches | CSCvc94609 | 6.0(2)A8(4) (15-Apr-2017)
- Cisco Nexus 4000 Series Blade Switches | CSCvc94709 | 4.1(2)E1(1s) (15-July-2017)
- Cisco Nexus 5000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21, no fix available yet; N5K and N6K: No Fix Expected; N7K: 8.2.1 (Sept. 2017); N3K and N9K: 7.0.3.I6 (April 2017)
- Cisco Nexus 5000 Series Switches | CSCvc94610 | 7.3 (02-May-2017)
- Cisco Nexus 6000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21, no fix available yet; N5K and N6K: No Fix Expected; N7K: 8.2.1 (Sept. 2017); N3K and N9K: 7.0.3.I6 (April 2017)
- Cisco Nexus 7000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21, no fix available yet; N5K and N6K: No Fix Expected; N7K: 8.2.1 (Sept. 2017); N3K and N9K: 7.0.3.I6 (April 2017)
- Cisco Nexus 9000 Series Fabric Switches - ACI mode | CSCvc94603 | 12.3x Drava (Jun-2017)
Unified Computing
- Cisco Common Services Platform Collector | CSCvc94568 | CASP 1.12 (10-March-2017)
- Cisco UCS 6200 Series and 6300 Series Fabric Interconnects | CSCvc94686 | 3.2.3 (14-Apr-2017)
- Cisco UCS B-Series Blade Servers | CSCvc94616 | 3.2 (June-2017)
- Cisco UCS Director | CSCvc96093 | 6.1 GlacierBay (31-May-2017)
- Cisco UCS Manager | CSCvc96103 | 3.2.3 (14-April-2017)
Voice and Unified Communications Devices
- Cisco ATA 187 Analog Telephone Adaptor | CSCvc94765 | No Fix Expected
- Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCvc94745 | EoSWM (16-July-2016); No Fix Expected
- Cisco Agent Desktop | CSCvc94581 | No Fix Expected
- Cisco Emergency Responder | CSCvc94749 | CER 12.0 (July-2017)
- Cisco Finesse | CSCvc98369 |
- Cisco Hosted Collaboration Mediation Fulfillment | CSCvc94752 |
- Cisco IP 7800 Series Phones | CSCvc94768 | 12.0 (31-Aug-2017)
- Cisco IP 8800 Series Phones - VPN feature | CSCvc94767 | 12.0 (12-DEC-2017)
- Cisco MediaSense | CSCvc98372 | 11.5 SU02 (4-Aug-2017)
- Cisco Unified Attendant Console Advanced | CSCvc94735 | 11.0.2 (3-April-2017)
- Cisco Unified Attendant Console Business Edition | CSCvc94735 | 11.0.2 (3-April-2017)
- Cisco Unified Attendant Console Department Edition | CSCvc94735 | 11.0.2 (3-April-2017)
- Cisco Unified Attendant Console Enterprise Edition | CSCvc94735 | 11.0.2 (3-April-2017)
- Cisco Unified Attendant Console Premium Edition | CSCvc94735 | 11.0.2 (3-April-2017)
- Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | CSCvc94750 |
- Cisco Unified Communications Manager Session Management Edition | CSCvc94740 |
- Cisco Unified Communications Manager | CSCvc94740 |
- Cisco Unified Contact Center Express | CSCvc96176 | 11.6(1) (30-April-2017)
- Cisco Unified IP 7937 Phone | CSCvc96113 | No Fix Expected
- Cisco Unified IP 8945 Phone | CSCvc96109 | 9.4(2)SR4 (Dec-2017)
- Cisco Unity Connection | CSCvc94741 | 12.0: Available; 11.5: Available
- Cisco Virtualization Experience Media Edition | CSCvc94773 | 11.9 (30-June-2017)
- Cisco Virtualized Voice Browser | CSCvc98374 | 11.6.1 (10-May-2017)
Video, Streaming, TelePresence, and Transcoding Devices
Bug CSCvc94733 covers the Cisco TelePresence System models below with two fix trains, both dated 10-April-2017: CTS6.1.13(6) for the 500-32, 1300, TX1310 and TX9000 Series, and CTS1.10.16(4) for the 500-37, 1000, 1100 and 3000 Series.
- Cisco 4300 Series Digital Media Players | CSCvc94651 | 5.4.1(RB3) (25-Feb-2017); 5.3.6(RB3) (25-Feb-2017)
- Cisco 4400 Series Digital Media Players | CSCvc94651 | 5.4.1(RB3) (25-Feb-2017); 5.3.6(RB3) (25-Feb-2017)
- Cisco Cloud Object Storage | CSCvc94672 | 3.14.0 (30-March-2017)
- Cisco Edge 300 Digital Media Player | CSCvc94710 | 1.6RB5_2 (01-March-2017)
- Cisco Edge 340 Digital Media Player | CSCvc94713 | 1.2RB1.0.6 (2-March-2017)
- Cisco Expressway Series | CSCvc94669 | X8.9.2 (31-Mar-2017)
- Cisco TelePresence Conductor | CSCvc94650 | 4.3.1 (29-Mar-2017)
- Cisco TelePresence MX Series | CSCvc94665 | CE8.3.2 (April-2017); 7.3.10 (August-2017)
- Cisco TelePresence Profile Series | CSCvc94665 | CE8.3.2 (April-2017); 7.3.10 (August-2017)
- Cisco TelePresence SX Series | CSCvc94665 | CE8.3.2 (April-2017); 7.3.10 (August-2017)
- Cisco TelePresence System 1000 | CSCvc94733 | CTS1.10.16(4) (10-April-2017)
- Cisco TelePresence System 1100 | CSCvc94733 | CTS1.10.16(4) (10-April-2017)
- Cisco TelePresence System 1300 | CSCvc94733 | CTS6.1.13(6) (10-April-2017)
- Cisco TelePresence System 3000 Series | CSCvc94733 | CTS1.10.16(4) (10-April-2017)
- Cisco TelePresence System 500-32 | CSCvc94733 | CTS6.1.13(6) (10-April-2017)
- Cisco TelePresence System 500-37 | CSCvc94733 | CTS1.10.16(4) (10-April-2017)
- Cisco TelePresence System EX Series | CSCvc94665 | CE8.3.2 (April-2017); 7.3.10 (August-2017)
- Cisco TelePresence System TX1310 | CSCvc94733 | CTS6.1.13(6) (10-April-2017)
- Cisco TelePresence TX9000 Series | CSCvc94733 | CTS6.1.13(6) (10-April-2017)
- Cisco TelePresence Video Communication Server (VCS) | CSCvc94669 | X8.9.2 (31-Mar-2017)
- Cisco TelePresence Integrator C Series | CSCvc94665 | CE8.3.2 (April-2017); 7.3.10 (August-2017)
- Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras | CSCvc94689 | 3.2.7-240 (1-March-2017)
- Cisco Video Surveillance Media Server | CSCvc94691 | 7.10 (ETA June-2017)
- Cisco Videoscape AnyRes Live | CSCvc94718 | 9.7.4 (14-Feb-2017)
- Cisco Videoscape Voyager Vantage | CSCvc94721 | Vantage 6.4 5 1 with OpenSSL 1.0.2i (May-2017)
Wireless
- Cisco Mobility Services Engine | CSCvc94636 |
- Cisco Wireless LAN Controller | CSCvc94648 | 8.5 (March-2017)
Cisco Hosted Services
- Cisco Business Video Services Automation Software | CSCvc94560 | BV-VSAA 11.x (31-Dec-2017)
- Cisco Smart Care | CSCvc94677 | No Fix Expected
- Cisco WebEx Meeting Center | CSCvc94598 | 1.3.28 (30-Apr-2017)
- ciscossl | CSCvd41263 |
Products Confirmed Not Vulnerable
The following products are not affected by the vulnerabilities described in this advisory.
Collaboration and Social Media
- Cisco Unified MeetingPlace
- Cisco WebEx Node for MCS
Endpoint Clients and Client Software
- Cisco Agent for OpenFlow
- Cisco AnyConnect Secure Mobility Client for Android
- Cisco AnyConnect Secure Mobility Client for Linux
- Cisco AnyConnect Secure Mobility Client for Mac OS X
- Cisco AnyConnect Secure Mobility Client for Windows
- Cisco AnyConnect Secure Mobility Client for iOS
- Cisco Jabber Client Framework (JCF) Components
- Cisco Jabber for Android
- Cisco WebEx Meetings for Android
- Cisco WebEx Meetings for Windows Phone 8
Network Application, Service, and Acceleration
- Cisco Visual Quality Experience Server
- Cisco Visual Quality Experience Tools Server
- Cisco Wide Area Application Services (WAAS)
Network and Content Security Devices
- Cisco ASA Next-Generation Firewall Services
- Cisco Adaptive Security Appliance (ASA)
- Cisco Secure Access Control System (ACS)
- Cisco Virtual Security Gateway for Microsoft Hyper-V
Network Management and Provisioning
- Cisco Application Networking Manager
- Cisco Configuration Professional
- Cisco Digital Media Manager
- Cisco Management Appliance
- Cisco Multicast Manager
- Cisco Packet Tracer
- Cisco Policy Suite
- Cisco Prime Collaboration Provisioning
- Cisco Prime Home
- Cisco Prime Infrastructure Plug and Play Standalone Gateway
- Cisco Prime LAN Management Solution - Solaris
- Cisco Prime Network Registrar IP Address Manager (IPAM)
- Cisco Prime Network Services Controller
- Cisco Prime Network
- Cisco Security Manager
- Cisco UCS Central Software
- Lancope Stealthwatch Endpoint Concentrator
- Lancope Stealthwatch FlowCollector NetFlow
- Lancope Stealthwatch FlowCollector sFlow
- Lancope Stealthwatch FlowSensor
- Lancope Stealthwatch SMC
- Lancope Stealthwatch UDP Director
Routing and Switching - Enterprise and Service Provider
- Cisco Broadband Access Center for Telco and Wireless
- Cisco Nexus 1000V Series Switches
- Cisco Nexus 1000V Switch for VMware vSphere
- Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
- Cisco ONS 15454 Series Multiservice Provisioning Platforms
- Cisco Service Control Operating System
Routing and Switching - Small Business
- Cisco 220 Series Smart Plus (Sx220) Switches
- Cisco 500 Series Stackable (Sx500) Managed Switches
- Cisco Small Business 300 Series (Sx300) Managed Switches
Unified Computing
- Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller
- Cisco Virtual Security Gateway
Voice and Unified Communications Devices
- Cisco ATA 190 Series Analog Terminal Adaptors
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco DX Series IP Phones
- Cisco IP Interoperability and Collaboration System (IPICS)
- Cisco Packaged Contact Center Enterprise
- Cisco Paging Server (InformaCast)
- Cisco Paging Server
- Cisco SPA112 2-Port Phone Adapter
- Cisco SPA122 Analog Telephone Adapter (ATA) with Router
- Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA)
- Cisco SPA51x IP Phones
- Cisco SPA525G 5-Line IP Phone
- Cisco Small Business SPA300 Series IP Phones
- Cisco Small Business SPA500 Series IP Phones
- Cisco TAPI Service Provider (TSP)
- Cisco UC Integration for Microsoft Lync
- Cisco Unified Attendant Console Standard
- Cisco Unified Communications Domain Manager
- Cisco Unified Contact Center Enterprise
- Cisco Unified IP 6901 Phone
- Cisco Unified IP 6945 Phone
- Cisco Unified IP 7900 Series Phones
- Cisco Unified IP 8831 Conference Phone for Third-Party Call Control
- Cisco Unified IP 8831 Conference Phone
- Cisco Unified IP 8961 Phone
- Cisco Unified IP 9951 Phone
- Cisco Unified IP 9971 Phone
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified SIP Proxy Software
- Cisco Unified Wireless IP Phone
- Cisco Unified Workforce Optimization
- Cisco Unity Express
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco DCM Series D990x Digital Content Manager
- Cisco Enterprise Content Delivery System (ECDS)
- Cisco MXE 3500 Series Media Experience Engines
- Cisco TelePresence Content Server
- Cisco TelePresence ISDN Gateway 3241
- Cisco TelePresence ISDN Gateway MSE 8321
- Cisco TelePresence ISDN Link
- Cisco TelePresence MCU 4200 Series, 4500 Series, 5300 Series, MSE 8420, and MSE 8510
- Cisco TelePresence Serial Gateway Series
- Cisco TelePresence Server 7010 and MSE 8710
- Cisco TelePresence Server on Multiparty Media 310 and 320
- Cisco TelePresence Server on Multiparty Media 820
- Cisco TelePresence Server on Virtual Machine
- Cisco TelePresence Supervisor MSE 8050
- Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
- Cisco Video Surveillance 3000 Series IP Cameras
- Cisco Video Surveillance 4000 Series High-Definition IP Cameras
- Cisco Video Surveillance 6000 Series IP Cameras
- Cisco Video Surveillance 7000 Series IP Cameras
- Cisco Video Surveillance PTZ IP Cameras
- Cisco Videoscape Control Suite
- Tandberg Codian ISDN Gateway 3210, 3220, and 3240
- Tandberg Codian MSE 8320
Wireless
- Cisco Aironet 1040 Series
- Cisco Aironet 1130 AG Series
- Cisco Aironet 1140 Series
- Cisco Aironet 1200 Series
- Cisco Aironet 1530 Series
- Cisco Aironet 1550 Series
- Cisco Aironet 1570 Series
- Cisco Aironet 1600 Series
- Cisco Aironet 1700 Series
- Cisco Aironet 2600 Series
- Cisco Aironet 2700 Series
- Cisco Aironet 3500 Series
- Cisco Aironet 3600 Series
- Cisco Aironet 3700 Series
- Cisco Aironet 700 Series
- Cisco Aironet 700W Series
- Cisco Industrial Wireless 3700 Series
Cisco Hosted Services
- Cisco Assessment Service for Network Authentication
- Cisco Cloud Web Security
- Cisco Cloud and Systems Management
- Cisco Network Device Security Assessment Service
- Cisco Network Health Framework
- Cisco Network Performance Analysis
- Cisco ONE Portal
- Cisco Partner Support Service 1.x
- Cisco Prime Network Change and Configuration Management
- Cisco Proactive Network Operations Center
- Cisco Registered Envelope Service
- Cisco Services Provisioning Platform
- Cisco Smart Net Total Care - Contracts Information System Process Controller
- Cisco Smart Net Total Care - Smart Interactions
- Cisco Smart Net Total Care
- Cisco Unified Service Delivery Platform
- Cisco Universal Small Cell 5000 Series - Running Releases 3.4.2.x
- Cisco Universal Small Cell 7000 Series - Running Releases 3.4.2.x
- Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem - Releases 2.99.4 and later
- Cisco Universal Small Cell Iuh
- Cisco WebEx Messenger Service
-
OpenSSL Truncated Packet Processing Denial of Service Vulnerability
A vulnerability in OpenSSL, identified by CVE ID CVE-2017-3731, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to improper processing of truncated packets on an affected 32-bit host system when a specific cipher is in use: RC4-MD5 on OpenSSL 1.0.2 and CHACHA20/POLY1305 on OpenSSL 1.1.0. An attacker could exploit this vulnerability by sending a truncated packet to a targeted system; both the server and the client side of a connection process the affected records, so either can be the target. An exploit could trigger an out-of-bounds read condition, causing the process to crash and resulting in a DoS condition. Deployments on OpenSSL 1.0.2 that have already removed RC4-MD5 from their cipher list are not exposed to this issue, which limits exposure until fixed software is installed.
OpenSSL Key Exchange Handling Denial of Service Vulnerability
A vulnerability in OpenSSL, identified by CVE ID CVE-2017-3730, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Only OpenSSL 1.1.0 is affected, and only when it acts as the TLS client.
The vulnerability is due to insufficient validation of the key exchange parameters the client receives from a server. An attacker could exploit this vulnerability by operating a malicious server that sends crafted parameters for an ephemeral Diffie-Hellman (DHE) or elliptic curve ephemeral Diffie-Hellman (ECDHE) key exchange and persuading a targeted user on a client system to connect to it. An exploit could trigger a NULL pointer dereference condition on the client system, causing the client to crash and resulting in a DoS condition.
OpenSSL Montgomery Squaring Information Disclosure Vulnerability
A vulnerability in OpenSSL, identified by CVE ID CVE-2017-3732, could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability is a carry-propagation bug in the x86_64 Montgomery squaring procedure of the affected software; no elliptic curve algorithms are affected, and attacks against RSA and DSA keys as a result of this defect are considered very difficult and unlikely. Diffie-Hellman (DH) is the realistic target: most of the work needed to deduce information about a private key can be performed offline, but the attacker additionally needs online access to an unpatched system that uses the target private key with persistent DH parameters and a private key shared between multiple clients, and the resources required are very significant. A successful exploit could allow the attacker to access sensitive private key information.
OpenSSL Handshake Negotiation Denial of Service Vulnerability
A vulnerability in OpenSSL, identified by CVE ID CVE-2017-3733, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. Only OpenSSL 1.1.0 is affected; both clients and servers are.
The vulnerability is due to inconsistent handling of the Encrypt-Then-MAC extension across handshakes. If, during a renegotiation handshake, the Encrypt-Then-MAC extension is negotiated where it was not negotiated in the original handshake (or vice versa), the affected software could crash, depending on the cipher suite in use, resulting in a DoS condition on the targeted system.
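The four issues above are each gated on a different combination of OpenSSL branch, patch letter, host architecture and TLS role, which makes a by-hand fleet triage easy to get wrong. The following Python helper is an added example and is not code from this advisory, from Cisco, or from the OpenSSL project. It encodes the affected ranges as stated in the OpenSSL advisories of January 26 and February 16, 2017 (CVE-2017-3731 and CVE-2017-3732 fixed in 1.0.2k and 1.1.0d; CVE-2017-3730 affects 1.1.0 only, fixed in 1.1.0d; CVE-2017-3733 affects 1.1.0 only, fixed in 1.1.0e) and applies the architecture and role conditions to an `openssl version` banner. The function names (`parse_version`, `applicable_cves`) and the sample inventory are the author's own constructions; the version banners are made up for the demo. It covers only the two branches the OpenSSL advisories address and returns None for anything else, so out-of-support builds such as 1.0.1 show up as unassessed rather than as clean.

```python
"""Triage helper for the four OpenSSL issues described in this advisory.

Added example; not code from the Cisco advisory or the OpenSSL project.
Affected ranges (assumed here from the OpenSSL advisories of 26 Jan and
16 Feb 2017): CVE-2017-3731 and CVE-2017-3732 are fixed in 1.0.2k and
1.1.0d; CVE-2017-3730 affects 1.1.0 only, fixed in 1.1.0d;
CVE-2017-3733 affects 1.1.0 only, fixed in 1.1.0e.
Host architecture and TLS role are extra inputs because 3731 needs a
32-bit build, 3732 needs x86_64 and 3730 needs the client side.
"""
import re

# Branches the two OpenSSL advisories make statements about. Anything
# else (1.0.1 and earlier were out of support by Jan 2017) is unassessed.
COVERED_BRANCHES = ("1.0.2", "1.1.0")

# (CVE, first fixed patch letter per branch, gate on (arch, role)).
# A branch missing from the dict is not affected by that CVE at all.
ISSUES = [
    ("CVE-2017-3731", {"1.0.2": "k", "1.1.0": "d"},
     lambda arch, role: arch == "32bit"),
    ("CVE-2017-3730", {"1.1.0": "d"},
     lambda arch, role: role == "client"),
    ("CVE-2017-3732", {"1.0.2": "k", "1.1.0": "d"},
     lambda arch, role: arch == "x86_64"),
    ("CVE-2017-3733", {"1.1.0": "e"},
     lambda arch, role: True),
]

# Matches the start of an `openssl version` banner such as
# "OpenSSL 1.0.2j  26 Sep 2016" or "OpenSSL 1.0.2k-fips  26 Jan 2017".
_VER_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(banner):
    """Return (branch, patch_letter), e.g. ('1.0.2', 'j').

    Letter releases on these branches sort lexically ('' < 'a' < ... < 'k'),
    so plain string comparison on the letter is a valid "is fixed" test.
    """
    m = _VER_RE.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    return m.group(1), m.group(2)


def applicable_cves(banner, arch, role):
    """CVEs from this advisory that apply to one build.

    arch: "32bit" or "x86_64" (any other value satisfies neither arch gate)
    role: "client" or "server" (the role this process plays in TLS)
    Returns a list (possibly empty), or None when the branch is one the
    advisories do not cover, so callers can flag it instead of passing it.
    """
    branch, letter = parse_version(banner)
    if branch not in COVERED_BRANCHES:
        return None
    hits = []
    for cve, fixed_in, gate in ISSUES:
        if branch not in fixed_in:
            continue                       # this branch was never affected
        if letter >= fixed_in[branch]:
            continue                       # at or past the fixing release
        if gate(arch, role):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample inventory (host, banner, arch, role); not real hosts.
    inventory = [
        ("edge-proxy",   "OpenSSL 1.0.2j  26 Sep 2016",      "32bit",  "server"),
        ("api-gw",       "OpenSSL 1.0.2j  26 Sep 2016",      "x86_64", "server"),
        ("agent-box",    "OpenSSL 1.1.0c  10 Nov 2016",      "x86_64", "client"),
        ("patched-fips", "OpenSSL 1.0.2k-fips  26 Jan 2017", "x86_64", "server"),
        ("legacy",       "OpenSSL 1.0.1u  22 Sep 2016",      "32bit",  "server"),
    ]
    for host, banner, arch, role in inventory:
        result = applicable_cves(banner, arch, role)
        if result is None:
            status = "UNASSESSED (branch not covered by the advisories)"
        else:
            status = ", ".join(result) or "clean"
        print("%-13s %-34s %s" % (host, banner, status))
```

Run it against the output of `openssl version` collected from each host; for a Cisco product that embeds OpenSSL without exposing a banner, the Cisco bug ID in the Vulnerable Products section remains the authoritative source, and this helper only applies to hosts where the OpenSSL build is directly inspectable.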
-
Any workarounds, when available, will be documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool.
-
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
To determine the affected and fixed releases for each vulnerable product, refer to the Cisco bug identified for the product in the "Vulnerable Products" section of this advisory. Cisco bugs are accessible through the Cisco Bug Search Tool.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
A public exploit exists for the OpenSSL Key Exchange Handling Denial of Service Vulnerability, CVE-2017-3730.
-
These vulnerabilities were publicly disclosed by the OpenSSL Software Foundation on January 26, 2017 and February 16, 2017.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Version | Description | Section | Status | Date
- 2.9 | MSE fix updated to unknown at this stage. | Vulnerable Products | Final | 2017-July-05
- 2.8 | Added Cisco IOS XR first fixed release. | Vulnerable Products | Final | 2017-June-20
- 2.7 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Final | 2017-April-27
- 2.6 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-April-14
- 2.5 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-April-07
- 2.4 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-March-31
- 2.3 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-March-23
- 2.2 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-March-10
- 2.1 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-March-01
- 2.0 | Updated Summary to include a new vulnerability disclosed by the OpenSSL Foundation on February 16, 2017. Updated product lists for affected products. | Summary, Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable, Source | Interim | 2017-February-17
- 1.1 | Updated product lists. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2017-February-03
- 1.0 | Initial public release. | — | Interim | 2017-January-30
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.