Symptom
Cisco Identity Services Engine (ISE) includes a version of TLS or SSL v 3.0 that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2009-3555
This bug was opened to address the potential impact on this product.
Conditions
CSCvm03842 Only impacts the pxgrid services listing on TCP port 5222.
pxGrid TLS service listening on TCP port 5222 is only present when the pxGrid persona is enabled in ISE.
The vulnerability only impacts the pxGrid TLS service listening on TCP port 5222 and no other service in ISE.
The other TLS services (EAP server, RADIUS DTLS server and HTTPS Administration server and HTTPS Portals including Guest and other portals) are unaffected by CSCvm03842.
Workaround
Not available or not applicable.
Further Problem Description
None
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is 5.8:
https://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
CVE ID CVE-2009-3555 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
