
OPERATIONAL DEFECT DATABASE
...

...
This product includes a version of OpenSSL that is affected by the vulnerability identified by the following Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1971. This bug was opened to address the potential impact on this product.
In this product, the vulnerability can be exploited only through the CRL verification vector. CRL verification for a received certificate is performed exclusively after the certificate's signature has been verified, so an attacker would need to be able to generate a malicious certificate with a valid signature from a certification authority trusted by the target device. This significantly increases the difficulty of exploitation.
Not available or not applicable.
None
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 5.9: https://tools.cisco.com/security/center/cvssCalculator.x?vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE ID CVE-2020-1971 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html