Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
 
Updated: June 10, 2014
 
Severity Rating: High
 
Overview:
 
Multiple Cisco products incorporating a version of the OpenSSL package were affected by several vulnerabilities that could be exploited by remote attackers to cause execution of arbitrary code, create a denial of service condition, and perform a man-in-the-middle attack. Cisco has released an update to address these vulnerabilities.
 
Description:
 
Multiple Cisco products incorporating a version of OpenSSL package were affected by several vulnerabilities that could be exploited by remote attackers to cause execution of arbitrary code, create a denial of service condition and perform a man-in-the-middle attack. The vulnerabilities reported are as follows:
 
1.     A SSL/TLS Man-in-the-Middle Vulnerability has been identified and this can allow an unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server to successfully execute a man-in-the-middle attack.
2.     A DTLS Recursion Flaw vulnerability was identified and this can allow an unauthenticated, remote attacker to convince an affected client to connect to an attacker-controlled server. This vulnerability can be exploited to send an affected device a crafted DTLS packet. This could result in a partial or complete Denial of Service condition on the affected device.
3.     A DTLS Invalid Fragment vulnerability was identified and this could allow remote attackers to send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This vulnerability could allow the attacker to gain the ability to execute arbitrary code with elevated privileges.
4.     An SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference vulnerability has been identified and this can allow remote attackers to submit a malicious request designed to trigger a NULL pointer dereference. Successful exploitation of this vulnerability could result in a partial or complete Denial of Service condition on the affected device.
5.     An SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service vulnerability was reported and this can allow remote attackers to submit a malicious request designed to inject content into a parallel context or trigger a Denial of Service condition.
6.     An anonymous ECDH Denial of Service vulnerability was identified and this can be exploited by remote attackers to convince an affected client to connect to an attacker-controlled server to submit a crafted certificate designed to trigger a NULL pointer dereference. Successful exploitation of this vulnerability could create a Denial of Service condition.
7.     An ECDSA NONCE Side-Channel Recovery Attack vulnerability was identified and this can allow a remote attacker with the ability to run an application on an affected device to recover portions of ECDSA portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications.
 
Cisco has released an update to address the vulnerabilities.
 
Affected Systems:
 
·         Cisco DPC/EPC 2202 VoIP Cable Modem
·         Cisco DPC/EPC 2203 VoIP Cable Modem
·         Cisco DPC/EPC 3208 VoIP Cable Modem
·         Cisco DPC/EPC2100 Cable Modem
·         Cisco DPC/EPC2325 Residential Gateway with Wireless Access Point
·         Cisco DPC/EPC2425 Wireless Residential Gateway with Embedded Digital VoiceAdapter
·         Cisco DPC/EPC2434 VoIP Wireless Home Gateway
·         Cisco Show and Share (SnS)
·         Cisco SocialMiner
·         Cisco Unified Meeting Place Application Server and Web Server
·         Cisco WebEx Node for ASR 1000 Series
·         Cisco WebEx Node for MCS
·         Cisco WebEx Productivity Tools
·         Cisco WebEx Social
 
Other affected systems are available on:
 
 
CVE Information
 
 
Solution
 
Users are advised to apply updates.
More information about the update is available on:
 
 
References
 
Cisco Security Advisory
 
 
Security Tracker
 
 
Disclaimer
 
The information provided herein is on "as is" basis, without warranty of any kind.
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
9th Floor, Stratton Court
La Poudriere Street
Port Louis