| |
Title: | Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products |
Description: | Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.
On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding bypass of authentication controls. These vulnerabilities are referenced in this document as follows:
- CVE-2015-1798: NTP Authentication bypass vulnerability
- CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd |
Date: | 09-SEP-2015 |
|
|
| |
| |
Title: | OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products |
Description: | On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability may be available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl |
Date: | 16-SEP-2015 |
|
|
| |
| |
Title: | Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products |
Description: | Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack.
On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
- CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability
- CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability
- CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability
- CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability
- CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
- CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability
- CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability
- CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue
Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl |
Date: | 22-SEP-2015 |
|
|
| |