Cisco Notification Alert -Prime - LMS-01-Oct-2015 16:50 GMT

Feedback Sign Up Unsubscribe         Security Advisories & Responses - Prime LAN Management Solution Title: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products Description: On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability may be available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl Date: 16-SEP-2015 Title: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products Description: Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl Date: 22-SEP-2015 Find additional information in Cisco Security Advisories & Responses Software Updates for Prime LAN Management Solution Product Name: CiscoWorks LAN Management Solution 4.0 Software Type: LMS CiscoView Device Package Updates Release Version: ASR900(3.1) Alert Type: New File File Name: SwitchAddlets.cv50.v1-47.zip File Description: ZIP file for CiscoView SwitchAddlets package File Release Date: 14-SEP-2015 Alert Type: New File File Name: ASR900.cv50.v3-1.zip File Description: ZIP file for CiscoView ASR900 Package File Release Date: 14-SEP-2015 Alert Type: New File File Name: NGMARShare.cv50.v1-35.zip File Description: ZIP file for CiscoView NGMARShare package File Release Date: 14-SEP-2015 Find additional information in Software Downloads index. Software Updates for Prime LAN Management Solution Product Name: Prime LAN Management Solution 4.2 Software Type: LMS CiscoView Device Package Updates Release Version: ASR900(3.1) Alert Type: New File File Name: SwitchAddlets.cv50.v1-47.zip File Description: ZIP file for CiscoView SwitchAddlets package File Release Date: 14-SEP-2015 Alert Type: New File File Name: NGMARShare.cv50.v1-35.zip File Description: ZIP file for CiscoView NGMARShare package File Release Date: 14-SEP-2015 Alert Type: New File File Name: ASR900.cv50.v3-1.zip File Description: ZIP file for CiscoView ASR900 Package File Release Date: 14-SEP-2015 Find additional information in Software Downloads index. Software Updates for Prime LAN Management Solution Product Name: Prime LAN Management Solution 4.1 Software Type: LMS CiscoView Device Package Updates Release Version: ASR900(3.1) Alert Type: New File File Name: ASR900.cv50.v3-1.zip File Description: ZIP file for CiscoView ASR900 Package File Release Date: 14-SEP-2015 Alert Type: New File File Name: NGMARShare.cv50.v1-35.zip File Description: ZIP file for CiscoView NGMARShare package File Release Date: 14-SEP-2015 Alert Type: New File File Name: SwitchAddlets.cv50.v1-47.zip File Description: ZIP file for CiscoView SwitchAddlets package File Release Date: 14-SEP-2015 Find additional information in Software Downloads index.   2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks