...
The product Cisco Adaptive Security Appliance (ASA) includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2016-6304
CVE-2016-6305
CVE-2016-2183
CVE-2016-6303
CVE-2016-6302
CVE-2016-2182
CVE-2016-2180
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2181
CVE-2016-6306
CVE-2016-6307
CVE-2016-6308
CVE-2016-6309
CVE-2016-7052

And disclosed in https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

Cisco has reviewed and concluded that this product is affected by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2016-6304 TLS OCSP Stapling extension Status Request memory consumption vulnerability
CVE-2016-2183 Birthday attack against 64-bit block ciphers in TLS AKA SWEET32
CVE-2016-2180 OOB read in TS_OBJ_print_bio()
CVE-2016-2177 Pointer arithmetic undefined behaviour
CVE-2016-2178 DSA cache-timing side channel attack
CVE-2016-6306 Certificate message OOB reads
CVE-2016-2182 OOB write in BN_bn2dec()
CVE-2016-2179 DTLS buffered message DoS
CVE-2016-2181 DTLS replay protection DoS

This product is not affected by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2016-6305 SSL_peek() hang on empty record
CVE-2016-6303 OOB write in MDC2_Update()
CVE-2016-6302 Malformed SHA512 ticket DoS
CVE-2016-6307 Excessive allocation of memory in tls_get_message_header()
CVE-2016-6308 Excessive allocation of memory in dtls1_preprocess_fragment()
CVE-2016-6309 Fix Use After Free for large message sizes
CVE-2016-7052 Missing CRL sanity check
Exposure is not configuration dependent.
Not available.
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html

PSIRT Evaluation:

The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is: 5.0

https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html