English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105679
Categoría:CISCO
Título:Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (cisco-sa-20150310-ssl)
Resumen:Multiple Cisco products incorporate a version of the OpenSSL package; affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause; a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project; released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:;; - CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability;; - CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability;; - CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability;; - CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability;; - CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability;; - CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability;; - CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability;; - CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue;; Cisco will release software updates that address these vulnerabilities.;; Workarounds that mitigate these vulnerabilities may be available.
Descripción:Summary:
Multiple Cisco products incorporate a version of the OpenSSL package
affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause
a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project
released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:

- CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability

- CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability

- CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability

- CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability

- CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability

- CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability

- CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability

- CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue

Cisco will release software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities may be available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3571
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 71937
http://www.securityfocus.com/bid/71937
Cisco Security Advisory: 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
Debian Security Information: DSA-3125 (Google Search)
http://www.debian.org/security/2015/dsa-3125
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
HPdes Security Advisory: HPSBHF03289
http://marc.info/?l=bugtraq&m=142721102728110&w=2
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03396
http://marc.info/?l=bugtraq&m=144050205101530&w=2
HPdes Security Advisory: HPSBMU03397
http://marc.info/?l=bugtraq&m=144050297101809&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBMU03413
http://marc.info/?l=bugtraq&m=144050254401665&w=2
HPdes Security Advisory: HPSBOV03318
http://marc.info/?l=bugtraq&m=142895206924048&w=2
HPdes Security Advisory: HPSBUX03162
http://marc.info/?l=bugtraq&m=142496179803395&w=2
HPdes Security Advisory: HPSBUX03244
http://marc.info/?l=bugtraq&m=142496289803847&w=2
HPdes Security Advisory: SSRT101885
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
RedHat Security Advisories: RHSA-2015:0066
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://www.securitytracker.com/id/1033378
SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
SuSE Security Announcement: openSUSE-SU-2015:0130 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0206
BugTraq ID: 71940
http://www.securityfocus.com/bid/71940
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
XForce ISS Database: openssl-cve20150206-dos(99704)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99704
Common Vulnerability Exposure (CVE) ID: CVE-2014-3569
BugTraq ID: 71934
http://www.securityfocus.com/bid/71934
Common Vulnerability Exposure (CVE) ID: CVE-2014-3572
BugTraq ID: 71942
http://www.securityfocus.com/bid/71942
HPdes Security Advisory: HPSBGN03299
http://marc.info/?l=bugtraq&m=142720981827617&w=2
HPdes Security Advisory: SSRT101987
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0204
BugTraq ID: 71936
http://www.securityfocus.com/bid/71936
https://security.gentoo.org/glsa/201503-11
HPdes Security Advisory: HPSBMU03345
http://marc.info/?l=bugtraq&m=144043644216842&w=2
HPdes Security Advisory: HPSBUX03334
http://marc.info/?l=bugtraq&m=143213830203296&w=2
HPdes Security Advisory: SSRT102000
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
https://freakattack.com/
RedHat Security Advisories: RHSA-2015:0800
http://rhn.redhat.com/errata/RHSA-2015-0800.html
RedHat Security Advisories: RHSA-2015:0849
http://rhn.redhat.com/errata/RHSA-2015-0849.html
RedHat Security Advisories: RHSA-2016:1650
http://rhn.redhat.com/errata/RHSA-2016-1650.html
SuSE Security Announcement: SUSE-SU-2015:1085 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2015:1086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:1138 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
SuSE Security Announcement: SUSE-SU-2015:1161 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2168 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:2216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
XForce ISS Database: openssl-cve20150204-weak-security(99707)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
Common Vulnerability Exposure (CVE) ID: CVE-2015-0205
BugTraq ID: 71941
http://www.securityfocus.com/bid/71941
XForce ISS Database: openssl-cve20150205-sec-bypass(99708)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99708
Common Vulnerability Exposure (CVE) ID: CVE-2014-8275
BugTraq ID: 71935
http://www.securityfocus.com/bid/71935
Common Vulnerability Exposure (CVE) ID: CVE-2014-3570
BugTraq ID: 71939
http://www.securityfocus.com/bid/71939
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.