===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0279
Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
                              4 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-0701 CVE-2015-3197 

Reference:         ESB-2016.0250

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

High

Advisory ID:   cisco-sa-20160129-openssl
Last Updated:  2016 February 2 15:26 GMT
Published:     2016 January 29 16:00 GMT
Version 1.1:   Interim
Workarounds:   No workarounds available

CVE-2015-3197

CVE-2016-0701

Summary

On January 28, 2016, the OpenSSL Project released a security advisory 
detailing two vulnerabilities.

Multiple Cisco products incorporate a version of the OpenSSL package affected
by one or more vulnerabilities that could allow an unauthenticated, remote 
attacker to conduct man-in-the-middle attacks on an SSL/TLS connection.

This advisory will be updated as additional information becomes available.

Cisco will release software updates that address these vulnerabilities.

Workarounds that address these vulnerabilities are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

Affected Products

Cisco is currently investigating its product line to determine which products
may be affected by these vulnerabilities and the impact on each affected 
product. As the investigation progresses, this document will be updated to 
include the Cisco bug IDs for each affected product. The bugs will be 
accessible through the Cisco Bug Search Tool and will contain additional 
platform-specific information, including workarounds (if available) and fixed
software versions.

The following products are under active investigation to determine whether 
they are affected by the vulnerability that is described in this advisory.

Products Under Investigation

    Collaboration and Social Media

        Cisco WebEx Meetings Server versions 1.x

        Cisco WebEx Meetings Server versions 2.x

    Endpoint Clients and Client Software

        Cisco Agent for OpenFlow

        Cisco AnyConnect Secure Mobility Client for Android

        Cisco AnyConnect Secure Mobility Client for Linux

        Cisco AnyConnect Secure Mobility Client for OS X

        Cisco AnyConnect Secure Mobility Client for Windows

        Cisco AnyConnect Secure Mobility Client for iOS

        Cisco Jabber for Android

        Cisco Jabber for Windows

        Cisco Jabber for iOS

        Cisco MMP Server

        Cisco WebEx Connect Client (Windows)

        Cisco WebEx Meetings Client - Hosted

        Cisco WebEx Meetings Client - On-premises

        Cisco WebEx Meetings for Blackberry

        Cisco WebEx Meetings for WP8

        WebEx Meetings Server - SSL Gateway

        WebEx Recording Playback Client

    Network Application, Service, and Acceleration

        Cisco ACE 30 Application Control Engine Module

        Cisco ACE 4710 Application Control Engine (A5)

        Cisco InTracer

        Cisco Network Admission Control (NAC)

        Cisco Visual Quality Experience Server

        Cisco Visual Quality Experience Tools Server

    Network and Content Security Devices

        Cisco ASA Next-Generation Firewall Services

        Cisco Clean Access Manager

        Cisco Content Security Appliance Updater Servers

        Cisco Content Security Management Appliance (SMA)

        Cisco Email Security Appliance (ESA)

        Cisco IPS

        Cisco Identity Services Engine (ISE)

        Cisco IronPort Encryption Appliance (IEA)

        Cisco NAC Guest Server

        Cisco NAC Server

        Cisco Physical Access Control Gateway

        Cisco Secure Access Control Server (ACS)

        Cisco Virtual Security Gateway for Microsoft Hyper-V

        Cisco Web Security Appliance (WSA)

    Network Management and Provisioning

        Cisco Application Networking Manager

        Cisco Application Policy Infrastructure Controller (APIC)

        Cisco Cloupia Unified Infrastructure Controller

        Cisco Configuration Professional

        Cisco MATE Collector

        Cisco MATE Design

        Cisco MATE Live

        Cisco Management Appliance (MAP)

        Cisco NetFlow Generation Appliance

        Cisco Prime Access Registrar

        Cisco Prime Collaboration Assurance

        Cisco Prime Collaboration Deployment

        Cisco Prime Data Center Network Manager (DCNM)

        Cisco Prime Home

        Cisco Prime Infrastructure

        Cisco Prime LAN Management Solution (LMS - Solaris)

        Cisco Prime License Manager

        Cisco Prime Network Registrar IP Address Manager (IPAM)

        Cisco Prime Performance Manager

        Cisco Prime Security Manager

        Cisco Quantum Policy Suite (QPS)

        Cisco Quantum SON Suite

        Cisco Security Manager

    Routing and Switching - Enterprise and Service Provider

        Cisco ASR 5000 Series

        Cisco Connected Grid Router - CGOS

        Cisco Connected Grid Router

        Cisco IOS XE (SSLVPN feature)

        Cisco IOS XE (WebUI feature only)

        Cisco IOS XR

        Cisco Nexus 1000V InterCloud

        Cisco Nexus 1000V Series Switches (ESX)

        Cisco Nexus 1000V Series Switches

        Cisco Nexus 1000V Switch for Microsoft Hyper-V

        Cisco Nexus 1010

        Cisco Nexus 3000 Series Switches

        Cisco Nexus 3X00 Series Switches

        Cisco Nexus 4000 Series Blade Switches

        Cisco Nexus 5000 Series Switches

        Cisco Nexus 9000 (ACI/Fabric Switch)

        Cisco Nexus 9000 Series (standalone, running NxOS)

        Cisco Nexus 9000 Series Switches

        Cisco ONS 15454 Series Multiservice Provisioning Platforms

        Cisco Service Control Operating System

    Routing and Switching - Small Business

        Cisco Sx220 switches

        Cisco Sx300 switches

        Cisco Sx500 switches

    Unified Computing

        Cisco Common Services Platform Collector

        Cisco Standalone rack server CIMC

        Cisco UCS Invicta Series Solid State Systems

        Cisco Unified Computing System (Management software)

        Cisco Unified Computing System B-Series (Blade) Servers

        Cisco Virtual Security Gateway

    Voice and Unified Communications Devices

        Cisco 7937 IP Phone

        Cisco ATA 187 Analog Telephone Adaptor

        Cisco Agent Desktop for Cisco Unified Contact Center Express

        Cisco Agent Desktop

        Cisco DX Series IP Phones

        Cisco Emergency Responder

        Cisco Finesse

        Cisco IM and Presence Service (CUPS)

        Cisco MediaSense

        Cisco MeetingPlace

        Cisco Packaged Contact Center Enterprise

        Cisco Paging Server (Informacast)

        Cisco Paging Server

        Cisco Remote Silent Monitoring

        Cisco TAPI Service Provider (TSP)

        Cisco Unified 8831 series IP Conference Phone

        Cisco Unified Attendant Console Advanced

        Cisco Unified Attendant Console Business Edition

        Cisco Unified Attendant Console Department Edition

        Cisco Unified Attendant Console Enterprise Edition

        Cisco Unified Attendant Console Premium Edition

        Cisco Unified Attendant Console Standard

        Cisco Unified Communications Domain Manager

        Cisco Unified Communications Manager (UCM)

        Cisco Unified Communications Manager Session Management Edition (SME)

        Cisco Unified Communications for Microsoft Lync

        Cisco Unified E-Mail Interaction Manager

        Cisco Unified SIP Proxy

        Cisco Unified Web Interaction Manager

        Cisco Unified Workforce Optimization Quality Management

        Cisco Unified Workforce Optimization

        Cisco Unity Connection (UC)

        Cisco Virtual PGW 2200 Softswitch

        Cisco Virtualization Experience Media Engine

        Cisco Voice Portal (CVP)

    Video, Streaming, TelePresence, and Transcoding Devices

        Cisco AnyRes Live (CAL)

        Cisco D9859 Advanced Receiver Transcoder

        Cisco DCM Series 9900-Digital Content Manager

        Cisco Enterprise Content Delivery System (ECDS)

        Cisco Expressway Series

        Cisco Headend System Release

        Cisco Internet Streamer (CDS)

        Cisco Model D9485 DAVIC QPSK

        Cisco TelePresence 1310

        Cisco TelePresence Conductor

        Cisco TelePresence Content Server (TCS)

        Cisco TelePresence ISDN GW 3241

        Cisco TelePresence ISDN GW MSE 8321

        Cisco TelePresence ISDN Link

        Cisco TelePresence MCU (8510, 8420, 4200, 4500, and 5300)

        Cisco TelePresence Serial Gateway Series

        Cisco TelePresence Server 8710, 7010

        Cisco TelePresence Server on Multiparty Media 310, 320

        Cisco TelePresence Server on Virtual Machine

        Cisco TelePresence Supervisor MSE 8050

        Cisco TelePresence System 1000

        Cisco TelePresence System 1100

        Cisco TelePresence System 1300

        Cisco TelePresence System 3000 Series

        Cisco TelePresence System 500-32

        Cisco TelePresence System 500-37

        Cisco TelePresence TX 9000 Series

        Cisco TelePresence Video Communication Server (VCS)

        Cisco VEN501 Wireless Access Point

        Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)

        Cisco Video Surveillance 3000 Series IP Cameras

        Cisco Video Surveillance 4000 Series High-Definition IP Cameras

        Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras

        Cisco Video Surveillance 6000 Series IP Cameras

        Cisco Video Surveillance 7000 Series IP Cameras

        Cisco Video Surveillance Media Server

        Cisco Video Surveillance PTZ IP Cameras

        Cisco Videoscape Control Suite

        Cloud Object Store (COS)

        Tandberg Codian ISDN GW 3210/3220/3240

        Tandberg Codian MSE 8320 model

    Wireless

        Cisco Aironet 2700 Series Access Point

        Cisco Mobility Services Engine (MSE)

        Cisco Wireless LAN Controller (WLC)

    Cisco Hosted Services

        Cisco Cloud Web Security

        Cisco Connected Analytics For Collaboration

        Cisco Intelligent Automation for Cloud

        Cisco One Portal

        Cisco Proactive Network Operations Center

        Cisco Smart Care

        Cisco SmartConnection

        Cisco SmartReports

        Cisco UCS Invicta Series Autosupport Portal

        Cisco Unified Services Delivery Platform (CUSDP)

        Cisco Universal Small Cell usc-iuh

        Cisco WebEx Meeting Center

        Cisco WebEx Meetings (Meeting Center, Training Center, Event Center,
        Support Center)

        Communication/Collaboration Sizing Tool, Virtual Machine Placement
        Tool, Cisco Unified Communications Upgrade Readiness Assessment

        Life Cycle Management Agent Manager (LCM)

        Network Health Framework (NHF)

        Network Performance Analytics (NPA)

        Partner Supporting Service (PSS) 1.x

        Services Analytic Platform

        Small Cell factory recovery root filesystem V2.99.4 or later

Vulnerable Products

The following table lists Cisco products that are affected by the 
vulnerability that is described in this advisory.

    Product                                                       Defect

    Network Management and Provisioning

    Cisco Prime Collaboration Provisioning                        CSCuy07329

    Cisco Prime Optical for SPs                                   CSCuy07316

    Routing and Switching - Enterprise and Service Provider

    Cisco MDS 9000 Series Multilayer Switches                     CSCuy07280

    Cisco Nexus 5000 Series Switches                              CSCuy07280

    Cisco Nexus 6000 Series Switches                              CSCuy07280

    Cisco Nexus 7000 Series Switches                              CSCuy07280

    Voice and Unified Communications Devices

    Cisco 8800 Series IP Phones - VPN Feature                     CSCuy07524

    Cisco Computer Telephony Integration Object Server (CTIOS)    CSCuy07225

    Cisco Unified 7800 Series IP Phones                           CSCuy07527

    Cisco Unified 8945 IP Phone                                   CSCuy07517

    Cisco Unified Contact Center Enterprise                       CSCuy07225

    Cisco Unified Intelligent Contact Management Enterprise       CSCuy07225

    Video, Streaming, TelePresence, and Transcoding Devices

    Cisco Edge 300 Digital Media Player                           CSCuy07442

    Cisco Hosted Services

    Cisco Registered Envelope Service (CRES)                      CSCuy07230

    Cisco WebEx Messenger Service                                 CSCuy07254

Products Confirmed Not Vulnerable

The following products are not affected by the vulnerability that is 
described in this advisory.

    Collaboration and Social Media

        Cisco WebEx Node for MCS

    Endpoint Clients and Client Software

        Cisco Jabber Guest Release 10.0(2)

        Cisco Jabber Software Development Kit

        Cisco Jabber for Mac

        Cisco WebEx Meetings for Android

        Cisco WebEx Productivity Tools

    Network Application, Service, and Acceleration

        Cisco Application and Content Networking System (ACNS)

        Cisco Wide Area Application Services (WAAS)

    Network and Content Security Devices

        Cisco ASA CX and Cisco Prime Security Manager

        Cisco ASA Content Security and Control (CSC) Security Services Module

        Cisco Adaptive Security Appliance (ASA)

        Cisco FireSIGHT System Software

        Cisco Secure Access Control System (ACS)

    Network Management and Provisioning

        Cisco Digital Media Manager

        Cisco Mobile Wireless Transport Manager

        Cisco Multicast Manager

        Cisco Network Analysis Module

        Cisco Packet Tracer

        Cisco Prime IP Express

        Cisco Prime Infrastructure Standalone Plug and Play Gateway

        Cisco Prime Network Registrar (CPNR)

        Cisco Prime Network Services Controller

        Cisco Prime Network

        Cisco Show and Share (SnS)

        Cisco UCS Central

        Local Collector Appliance (LCA)

    Routing and Switching - Enterprise and Service Provider

        Cisco 910 Industrial Router

        Cisco Broadband Access Center Telco Wireless

        Cisco IOS Software and Cisco IOS XE Software

        Cisco OnePK All-in-One VM

    Voice and Unified Communications Devices

        Cisco 190 ATA Series Analog Terminal Adaptor

        Cisco Hosted Collaboration Mediation Fulfillment

        Cisco IP Interoperability and Collaboration System (IPICS)

        Cisco SPA112 2-Port Phone Adapter

        Cisco SPA122 ATA with Router

        Cisco SPA232D Multi-Line DECT ATA

        Cisco SPA30X Series IP Phones

        Cisco SPA50X Series IP Phones

        Cisco SPA51X Series IP Phones

        Cisco SPA525G

        Cisco SPA8000 8-port IP Telephony Gateway

        Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports

        Cisco Unified 6901 IP Phones

        Cisco Unified 6945 IP Phones

        Cisco Unified 8961 IP Phone

        Cisco Unified 9951 IP Phone

        Cisco Unified 9971 IP Phone

        Cisco Unified IP Conference Phone 8831 for Third-Party Call Control

        Cisco Unified IP Phone 7900 Series

        Cisco Unified Wireless IP Phone

    Video, Streaming, TelePresence, and Transcoding Devices

        Cisco AnyRes VOD (CAL)

        Cisco Digital Media Players (DMP) 4300 Series

        Cisco Digital Media Players (DMP) 4400 Series

        Cisco Edge 340 Digital Media Player

        Cisco Media Experience Engines (MXE)

        Cisco Media Services Interface

        Cisco TelePresence EX Series

        Cisco TelePresence MX Series

        Cisco TelePresence Profile Series

        Cisco TelePresence SX Series

        Cisco TelePresence Integrator C Series

    Cisco Hosted Services

        Cisco Services Provisioning Platform (SPP)

        Cisco Universal Small Cell 5000 Series running V3.4.2.x software

        Cisco Universal Small Cell 7000 Series running V3.4.2.x software

        Serial Number Assessment Service (SNAS)

Details

The vulnerability names and the associated Common Vulnerabilities and 
Exposures (CVE) IDs for the January 28, 2016, OpenSSL Project announcement are
as follows:

OpenSSL DH Small Subgroups Vulnerability

A vulnerability in the generation of Diffie-Hellman (DH) parameters based
on unsafe primes in OpenSSL could allow an unauthenticated, remote attacker to
discover a TLS server's private DH exponent.

The vulnerability is due to the ability to generate DH parameters based on
unsafe primes, introduced in version 1.0.2 of OpenSSL, which added support for
generating X9.42 style parameter files. An attacker could exploit
this vulnerability by completing multiple handshakes in which the peer uses 
the same private DH exponent. An exploit could allow the attacker to discover
a TLS server's private DH exponent and conduct man-in-the-middle attacks on 
the SSL/TLS connection.

This vulnerability has been assigned CVE ID CVE-2016-0701.
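
The defensive check that the description above implies, as an added example (not code from Cisco or the OpenSSL Project): classify DH parameters as safe-prime or X9.42 style, and accept a peer's public value only if it lies in the intended prime-order subgroup. The function names and the toy parameters (p=607, q=101, g=64, and the safe prime 1019) are constructed for illustration; real parameters are 2048 bits or more and should be validated with a vetted library.

```python
# Added illustration: DH parameter and peer-public-value validation.
# All names and the toy numbers below are constructed for this example.

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (exact for n < 3.3e24, probabilistic above)."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def classify_dh_params(p, g, q=None):
    """Return 'safe-prime', 'x9.42-style', 'unverifiable' or 'invalid'."""
    if not is_probable_prime(p) or not 1 < g < p - 1:
        return "invalid"
    if is_probable_prime((p - 1) // 2):
        return "safe-prime"            # p = 2q' + 1: no small subgroups beyond order 2
    if q and is_probable_prime(q) and (p - 1) % q == 0 and pow(g, q, p) == 1:
        return "x9.42-style"           # g generates a subgroup of prime order q
    return "unverifiable"              # non-safe prime and no usable q: reject

def validate_peer_public(y, p, g, q=None):
    """Accept y only if it cannot confine the shared secret to a small subgroup."""
    kind = classify_dh_params(p, g, q)
    if kind in ("invalid", "unverifiable") or not 2 <= y <= p - 2:
        return False                   # range check removes 0, 1 and p-1 (order 1 or 2)
    if kind == "safe-prime":
        return True                    # remaining orders are q' or 2q', both large
    return pow(y, q, p) == 1           # X9.42 style: y must have order q

# Constructed toy X9.42-style group: p - 1 = 2 * 3 * 101, so small subgroups exist.
P, Q, G = 607, 101, 64

if __name__ == "__main__":
    print(classify_dh_params(1019, 2))                  # safe prime, (p-1)/2 = 509
    print(classify_dh_params(P, G, Q))                  # X9.42 style
    print(validate_peer_public(pow(G, 5, P), P, G, Q))  # in the order-q subgroup
    print(validate_peer_public(P - G, P, G, Q))         # in range, but order 2q
```

The last call shows why the range check alone is insufficient for X9.42-style parameters: the value is between 2 and p-2 yet lies outside the order-q subgroup.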

OpenSSL SSLv2 Doesn't Block Disabled Ciphers

A vulnerability in the SSL negotiation of OpenSSL could allow an 
unauthenticated, remote attacker to negotiate SSLv2 ciphers that have been 
disabled on the server.

The vulnerability is due to the ability of a malicious client to negotiate
SSLv2 ciphers that have been disabled on the server and complete an SSLv2
handshake even if all SSLv2 ciphers have been disabled. An exploit could allow
the attacker to negotiate weak SSLv2 ciphers for SSL/TLS connections, making 
them vulnerable to man-in-the-middle attacks.

This vulnerability has been assigned CVE ID CVE-2015-3197.

Workarounds

Any workarounds will be documented in the Cisco bugs, which are accessible
through the Cisco Bug Search Tool.

Fixed Software

Cisco has released free software updates that address the vulnerability 
described in this advisory. Customers may only install and expect support for
software versions and feature sets for which they have purchased a license. By
installing, downloading, accessing, or otherwise using such software upgrades,
customers agree to follow the terms of the Cisco software license:

http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

Additionally, customers may only download software for which they have a 
valid license, procured from Cisco directly, or through a Cisco authorized 
reseller or partner. In most cases this will be a maintenance upgrade to 
software that was previously purchased. Free security software updates do not
entitle customers to a new software license, additional software feature sets,
or major revision upgrades.

When considering software upgrades, customers are advised to consult the 
Cisco Security Advisories and Responses archive at 
http://www.cisco.com/go/psirt and review subsequent advisories to determine 
exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to upgrade contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is 
described in this advisory.

Source

These vulnerabilities were publicly disclosed by the OpenSSL Project on 
January 28, 2016.

URL

    
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

Revision History

Version  Description                            Section            Status   Date

1.1      Updated information about products     Affected Products  Interim  2016-February-02
         under investigation, confirmed as not
         vulnerable, and vulnerable.

1.0      Initial public release.                -                  Interim  2016-January-29

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR 
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR 
MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE 
RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE 
THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

A standalone copy or paraphrase of the text of this document that omits 
the distribution URL is an uncontrolled copy and may lack important 
information or contain factual errors. The information in this document is 
intended for end users of Cisco products.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================