-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2770
  Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
                              21 November 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Collaboration and Social Media products
                   Cisco Endpoint Clients and Client Software
                   Cisco Network Application, Service, and Acceleration products
                   Cisco Network and Content Security Devices
                   Cisco Network Management and Provisioning products
                   Cisco Routing and Switching - Enterprise and Service Provider products
                   Cisco Voice and Unified Communications Devices
                   Cisco Video, Streaming, TelePresence, and Transcoding Devices
                   Cisco Hosted Services
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        None
CVE Names:         CVE-2016-7055 CVE-2016-7054 CVE-2016-7053

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016

Medium

Advisory ID:     cisco-sa-20161114-openssl
First Published: 2016 November 14 16:00 GMT
Last Updated:    2016 November 18 15:07 GMT
Version 1.4:     Interim
Workarounds:     No workarounds available
CVE IDs:         CVE-2016-7053 CVE-2016-7054 CVE-2016-7055
CWE IDs:         CWE-119 CWE-310

Summary

On November 10, 2016, the OpenSSL Software Foundation released a security
advisory that describes three vulnerabilities. Of these vulnerabilities, the
OpenSSL Software Foundation classifies one as High Severity (CVE-2016-7054),
one as Moderate Severity (CVE-2016-7053), and one as Low Severity
(CVE-2016-7055). Two of the vulnerabilities affect only recent OpenSSL
versions in the 1.1.0 release series. The remaining Low Severity
vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

Affected Products

Cisco investigated its product line to determine which products may be
affected by these vulnerabilities and the impact of the vulnerabilities on
each affected product. For information about whether a product is affected,
refer to the Vulnerable Products and Products Confirmed Not Vulnerable
sections of this advisory.

The Vulnerable Products section includes the ID of the Cisco bug for each
affected product. The bugs are accessible through the Cisco Bug Search Tool
and will contain additional platform-specific information, including any
available workarounds and fixed software releases.

Products Under Investigation

The following Cisco products are under active investigation to determine
whether they are affected by one or more of the vulnerabilities described in
this advisory.
Collaboration and Social Media
  Cisco SocialMiner
Endpoint Clients and Client Software
  Cisco Jabber for Windows
  Cisco WebEx Meetings Client - On-Premises
  Cisco WebEx Meetings for BlackBerry
Network Application, Service, and Acceleration
  Cisco Application and Content Networking System (ACNS)
Network and Content Security Devices
  Cisco Content Security Management Appliance (SMA)
  Cisco Email Security Appliance (ESA)
  Cisco Physical Access Gateways
  Cisco Secure Access Control System (ACS)
  Cisco Web Security Appliance (WSA)
Network Management and Provisioning
  Cisco Feature Analytics Service
  Cisco Network Profiler
  Cisco Prime Collaboration Assurance
  Cisco Prime Infrastructure
  Cisco Prime LAN Management Solution - Solaris
  Cisco Prime License Manager
  Cisco Prime Network Services Controller
  Cisco Unified Intelligence Center
Routing and Switching - Enterprise and Service Provider
  Cisco 910 Industrial Router
Unified Computing
  Cisco HyperFlex System
  Cisco UCS Director
Voice and Unified Communications Devices
  Cisco Agent Desktop for Cisco Unified Contact Center Express
  Cisco Agent Desktop
  Cisco DX Series IP Phones
  Cisco Emergency Responder
  Cisco Finesse
  Cisco Remote Silent Monitoring
  Cisco UC Integration for Microsoft Lync
  Cisco Unified Contact Center Express
  Cisco Unified Customer Voice Portal
  Cisco Unified E-Mail Interaction Manager
  Cisco Unified IP 7937 Phone
  Cisco Unified Web Interaction Manager
  Cisco Unified Workforce Optimization - Quality Management Solution
  Cisco Unified Workforce Optimization
  Cisco Unity Express
  Cisco Virtual PGW 2200 Softswitch
  Cisco Virtualized Voice Browser
Video, Streaming, TelePresence, and Transcoding Devices
  Cisco TelePresence System 1000
  Cisco TelePresence System 1100
  Cisco TelePresence System 1300
  Cisco TelePresence System 3000 Series
  Cisco TelePresence System 500-32
  Cisco TelePresence System 500-37
  Cisco TelePresence System TX1310
  Cisco TelePresence TX9000 Series
  Cisco Video Surveillance 4000 Series High-Definition IP Cameras
  Cisco Videoscape Voyager Vantage
Wireless
  Cisco Mobility Services Engine
Cisco Hosted Services
  Cisco Cloud and Managed Services
  Cisco Cloud Web Security
  Cisco Connected Analytics for Collaboration
  Cisco IC Capture
  Cisco IC Distribution - Internal
  Cisco Network Device Security Assessment Service
  Cisco Network Health Framework
  Cisco Network Performance Analysis
  Cisco Powered Cloud and Managed Services Platform
  Cisco Services Analytics Platform
  Cisco Smart Net Total Care
  Cisco Unified Service Delivery Platform
  Cisco Universal Small Cell Iuh

Vulnerable Products

The following table lists Cisco products that are affected only by the low
severity vulnerability, CVE-2016-7055, described in this advisory. Fixed
release availability for each product is tracked in the listed Cisco bug.

Product                                                        Cisco Bug ID
Collaboration and Social Media
  Cisco WebEx Meetings Server Release 1.x                      CSCvc08554
  Cisco WebEx Meetings Server Release 2.x                      CSCvc08554
  Cisco WebEx Node for MCS                                     CSCvc08544
Endpoint Clients and Client Software
  Cisco Agent for OpenFlow                                     CSCvc08715
  Cisco Jabber Software Development Kit                        CSCvc08781
  Cisco Jabber for Android                                     CSCvc08820
  Cisco Jabber for Mac                                         CSCvc08779
  Cisco WebEx Business Suite                                   CSCvc08557
  Cisco WebEx Meetings Server - Multimedia Platform (MMP)      CSCvc08559
  Cisco WebEx Meetings Server - SSL gateway                    CSCvc08555
Network Application, Service, and Acceleration
  Cisco 1000 Series Connected Grid Routers                     CSCvc08663
  Cisco Wide Area Application Services (WAAS)                  CSCvc08680
Network and Content Security Devices
  Cisco Adaptive Security Appliance (ASA)                      CSCvc08670
  Cisco Firepower 9300                                         CSCvc08678
  Cisco Content Security Appliance Update Servers              CSCvc08542
  Cisco FireSIGHT System Software                              CSCvc08539
Network Management and Provisioning
  Cisco NetFlow Generation Appliance                           CSCvc08619
  Cisco Network Analysis Module                                CSCvc08614
  Cisco Prime IP Express                                       CSCvc08612
  Cisco Prime Network Registrar                                CSCvc08607
  Cisco Security Manager                                       CSCvc08623
Routing and Switching - Enterprise and Service Provider
  Cisco ASR 5000 Series                                        CSCvc08499
  Cisco Application Policy Infrastructure Controller (APIC)    CSCvc08570
  Cisco Connected Grid Routers - Running Cisco CG-OS Software  CSCvc08565
  Cisco IOS XR Software                                        CSCvc08628
  Cisco IOS and Cisco IOS XE Software                          CSCvc08742
  Cisco Nexus 9000 Series Fabric Switches - ACI mode           CSCvc08571
  Cisco ONS 15454 Series Multiservice Provisioning Platforms   CSCvc08689
Voice and Unified Communications Devices
  Cisco Computer Telephony Integration Object Server (CTIOS)   CSCvc08529
  Cisco Unified Attendant Console Advanced                     CSCvc08749
  Cisco Unified Attendant Console Business Edition             CSCvc08749
  Cisco Unified Attendant Console Department Edition           CSCvc08749
  Cisco Unified Attendant Console Enterprise Edition           CSCvc08749
  Cisco Unified Attendant Console Premium Edition              CSCvc08749
  Cisco Unified Attendant Console Standard                     CSCvc08750
  Cisco Unified Communications Manager IM & Presence Service
    (formerly CUPS)                                            CSCvc08769
  Cisco Unified Communications Manager Session Management
    Edition                                                    CSCvc08756
  Cisco Unified Communications Manager                         CSCvc08756
  Cisco Unified Contact Center Enterprise                      CSCvc08529
  Cisco Unified IP 8831 Conference Phone                       CSCvc08794
  Cisco Unified IP 8961 Phone                                  CSCvc08770
  Cisco Unified IP 9951 Phone                                  CSCvc08770
  Cisco Unified IP 9971 Phone                                  CSCvc08770
  Cisco Unified Intelligent Contact Management Enterprise      CSCvc08529
  Cisco Unity Connection                                       CSCvc08759
  Cisco Virtualization Experience Media Edition                CSCvc08826
Video, Streaming, TelePresence, and Transcoding Devices
  Cisco Edge 300 Digital Media Player                          CSCvc08726
  Cisco TelePresence Conductor                                 CSCvc08629
  Cisco TelePresence MX Series                                 CSCvc08648
  Cisco TelePresence Profile Series                            CSCvc08648
  Cisco TelePresence SX Series                                 CSCvc08648
  Cisco TelePresence Server 7010 and MSE 8710                  CSCvc08651
  Cisco TelePresence Server on Multiparty Media 310 and 320    CSCvc08651
  Cisco TelePresence Server on Multiparty Media 820            CSCvc08651
  Cisco TelePresence Server on Virtual Machine                 CSCvc08651
  Cisco TelePresence System EX Series                          CSCvc08648
  Cisco Telepresence Integrator C Series                       CSCvc08648
  Cisco Video Surveillance Media Server                        CSCvc08697
  Cisco Videoscape Control Suite                               CSCvc08657
Cisco Hosted Services
  Cisco WebEx Messenger Service                                CSCvc08556

Note: Due to the low severity of this vulnerability, the OpenSSL Software
Foundation is not planning to issue a new 1.0.2 release at this time.

Products Confirmed Not Vulnerable

Cisco has confirmed that the vulnerabilities described in this advisory do
not affect the following Cisco products.

Endpoint Clients and Client Software
  Cisco AnyConnect Secure Mobility Client for Android
  Cisco AnyConnect Secure Mobility Client for Desktop Platforms
  Cisco AnyConnect Secure Mobility Client for Linux
  Cisco AnyConnect Secure Mobility Client for Mac OS X
  Cisco AnyConnect Secure Mobility Client for Windows
  Cisco AnyConnect Secure Mobility Client for iOS
  Cisco Jabber Guest
Network Application, Service, and Acceleration
  Cisco Visual Quality Experience Server
  Cisco Visual Quality Experience Tools Server
Network and Content Security Devices
  Cisco Identity Services Engine (ISE)
  Cisco Virtual Security Gateway for Microsoft Hyper-V
Network Management and Provisioning
  Cisco Application Networking Manager
  Cisco Business Video Services Automation Software
  Cisco Configuration Professional
  Cisco Digital Media Manager
  Cisco Management Appliance
  Cisco Multicast Manager
  Cisco Packet Tracer
  Cisco Prime Access Registrar
  Cisco Prime Collaboration Deployment
  Cisco Prime Collaboration Manager
  Cisco Prime Collaboration Provisioning
  Cisco Prime Data Center Network Manager
  Cisco Prime Home
  Cisco Prime Infrastructure Plug and Play Standalone Gateway
  Cisco Prime Network Registrar IP Address Manager (IPAM)
  Cisco Prime Network
  Cisco Prime Optical for Service Providers
  Cisco Prime Performance Manager
  Cisco Smart Net Total Care - Local Collector appliance
  Cisco UCS Central Software
Routing and Switching - Enterprise and Service Provider
  Cisco Broadband Access Center for Telco and Wireless
  Cisco MDS 9000 Series Multilayer Switches
  Cisco Nexus 1000V Series Switches
  Cisco Nexus 1000V Switch for VMware vSphere
  Cisco Nexus 3000 Series Switches
  Cisco Nexus 3500 Series Switches
  Cisco Nexus 4000 Series Blade Switches
  Cisco Nexus 5000 Series Switches
  Cisco Nexus 6000 Series Switches
  Cisco Nexus 7000 Series Switches
  Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
  Cisco Service Control Operating System
Routing and Switching - Small Business
  Cisco 220 Series Smart Plus (Sx220) Switches
  Cisco 500 Series Stackable (Sx500) Managed Switches
  Cisco Small Business 300 Series (Sx300) Managed Switches
Unified Computing
  Cisco Common Services Platform Collector
  Cisco UCS 6200 Series Fabric Interconnects
  Cisco UCS B-Series Blade Servers
  Cisco UCS Manager
  Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller
Voice and Unified Communications Devices
  Cisco ATA 187 Analog Telephone Adaptor
  Cisco ATA 190 Series Analog Terminal Adaptors
  Cisco Hosted Collaboration Mediation Fulfillment
  Cisco IP 7800 Series Phones
  Cisco IP 8800 Series Phones - VPN feature
  Cisco IP Interoperability and Collaboration System (IPICS)
  Cisco Jabber for iPhone and iPad
  Cisco MediaSense
  Cisco Paging Server (InformaCast)
  Cisco Paging Server
  Cisco SPA112 2-Port Phone Adapter
  Cisco SPA122 Analog Telephone Adapter (ATA) with Router
  Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA)
  Cisco SPA51x IP Phones
  Cisco SPA525G 5-Line IP Phone
  Cisco SPA8000 8-Port IP Telephony Gateway
  Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
  Cisco Small Business SPA300 Series IP Phones
  Cisco Small Business SPA500 Series IP Phones
  Cisco TAPI Service Provider (TSP)
  Cisco Unified Communications Domain Manager
  Cisco Unified IP 6901 Phone
  Cisco Unified IP 6945 Phone
  Cisco Unified IP 7900 Series Phones
  Cisco Unified IP 8831 Conference Phone for Third-Party Call Control
  Cisco Unified IP 8945 Phone
  Cisco Unified MeetingPlace
  Cisco Unified SIP Proxy Software
  Cisco Unified Wireless IP Phone
Video, Streaming, TelePresence, and Transcoding Devices
  Cisco 4300 Series Digital Media Players
  Cisco 4400 Series Digital Media Players
  Cisco Cloud Object Storage
  Cisco D9859 Advanced Receiver Transcoder
  Cisco DCM Series D990x Digital Content Manager
  Cisco Edge 340 Digital Media Player
  Cisco Enterprise Content Delivery System (ECDS)
  Cisco Expressway Series
  Cisco MXE 3500 Series Media Experience Engines
  Cisco Show and Share
  Cisco TelePresence Content Server
  Cisco TelePresence ISDN Gateway 3241
  Cisco TelePresence ISDN Gateway MSE 8321
  Cisco TelePresence ISDN Link
  Cisco TelePresence MCU 4200 Series, 4500 Series, 5300 Series, MSE 8420, and MSE 8510
  Cisco TelePresence Serial Gateway Series
  Cisco TelePresence Supervisor MSE 8050
  Cisco TelePresence Video Communication Server (VCS)
  Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
  Cisco Video Surveillance 3000 Series IP Cameras
  Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras
  Cisco Video Surveillance 6000 Series IP Cameras
  Cisco Video Surveillance 7000 Series IP Cameras
  Cisco Video Surveillance PTZ IP Cameras
  Cisco Videoscape AnyRes Live
  Tandberg Codian ISDN Gateway 3210, 3220, and 3240
  Tandberg Codian MSE 8320
Wireless
  Cisco Wireless LAN Controller
Cisco Hosted Services
  Cisco Assessment Service for Network Authentication
  Cisco Cloud and Systems Management
  Cisco Collaboration Virtual Machine Placement Tool
  Cisco Connectivity
  Cisco ONE Portal
  Cisco Partner Support Service 1.x
  Cisco Prime Network Change and Configuration Management
  Cisco Proactive Network Operations Center
  Cisco Registered Envelope Service
  Cisco Sentinel
  Cisco Services Provisioning Platform
  Cisco Smart Care
  Cisco Smart Collector - Product Lifecycle Manager
  Cisco Smart Net Total Care - Contracts Information System
  Cisco Smart Net Total Care - Contracts Information System Process Controller
  Cisco Smart Net Total Care - Core services
  Cisco Smart Net Total Care - Smart Interactions
  Cisco Software Operations Risk Assessment (SORA)
  Cisco Unified Communications Upgrade Readiness Assessment
  Cisco Unified Communications/Collaboration Sizing Tool
  Cisco Universal Small Cell 5000 Series - Running Release 3.4.2.x
  Cisco Universal Small Cell 7000 Series - Running Release 3.4.2.x
  Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem - Releases 2.99.4 and later

Details

The Common Vulnerabilities and Exposures (CVE) IDs and names of the
vulnerabilities that were disclosed on November 10, 2016, in the OpenSSL
Software Foundation security advisory are as follows:

  CVE-2016-7053: OpenSSL CMS Null Dereference Vulnerability
  CVE-2016-7054: OpenSSL ChaCha20/Poly1305 Heap Buffer Overflow Vulnerability
  CVE-2016-7055: OpenSSL Montgomery Multiplication May Produce Incorrect
                 Results Vulnerability

OpenSSL CMS Null Dereference Vulnerability

A vulnerability in the code that handles the ASN.1 CHOICE type in OpenSSL
1.1.0 could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition.

The vulnerability is due to a NULL value being passed to the structure
callback if an attempt is made to free certain invalid encodings. An attacker
could exploit this vulnerability by submitting crafted input to be processed
by the affected software. A successful exploit could allow the attacker to
cause the application to stop functioning properly, leading to a DoS
condition.

This vulnerability has been assigned the following CVE ID: CVE-2016-7053

OpenSSL ChaCha20/Poly1305 Heap Buffer Overflow Vulnerability

A vulnerability in the *-CHACHA20-POLY1305 cipher suites in OpenSSL could
allow an unauthenticated, remote attacker to cause a targeted system to
crash, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper validation of user-supplied data by the
affected software. An attacker could exploit this vulnerability by submitting
large amounts of crafted data to the *-CHACHA20-POLY1305 cipher suites of
the affected software over a Transport Layer Security (TLS) connection. A
successful exploit could allow the attacker to cause the affected software to
crash, resulting in a DoS condition on the targeted system.

This vulnerability has been assigned the following CVE ID: CVE-2016-7054

OpenSSL Montgomery Multiplication May Produce Incorrect Results Vulnerability

A vulnerability in OpenSSL could cause authentication or key negotiation
failures, resulting in a denial of service (DoS) condition.

The vulnerability is due to Montgomery multiplication mathematical errors
that occur when using OpenSSL with elliptic curve algorithms. The
vulnerability may occur without any external attacker action when performing
cryptographic operations. Errors resulting from incorrect mathematical
computations could cause OpenSSL to fail during authentication or key
negotiation, resulting in a DoS.

Per the OpenSSL advisory, the defect is a carry-propagation bug in the
Broadwell-specific x86_64 Montgomery multiplication routine, triggered by
inputs longer than 256 bits whose length is a multiple of 256 bits; it is
only reached on CPUs for which OpenSSL selects that code path. OpenSSL's
analysis concluded that attacks against RSA, DSA and DH private keys are not
possible and that, among EC algorithms, only the Brainpool P-512 curves are
affected.

This vulnerability has been assigned the following CVE ID: CVE-2016-7055

For additional details about the vulnerabilities, refer to the November 2016
OpenSSL Security Advisory published by the OpenSSL Software Foundation.

Workarounds

Any workarounds that address one or more of these vulnerabilities will be
documented in the Cisco bugs, which are accessible from the Cisco Bug Search
Tool, for each affected product.

Fixed Software

Updates for affected software releases will be published when they are
available, and information about those updates will be documented in Cisco
bugs, which are accessible from the Cisco Bug Search Tool.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
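Before opening a TAC case or a Cisco bug, it helps to know which of the three CVEs a given OpenSSL build can actually be exposed to. The helper below is an added triage example written for this bulletin; it is not part of the Cisco advisory, the AusCERT text, or OpenSSL itself. It takes two strings an administrator can capture on a host (the output of `openssl version` and of `openssl ciphers -v`) and applies the exposure rules the advisory states: CVE-2016-7053 and CVE-2016-7054 apply only to the 1.1.0 series, CVE-2016-7054 needs a *-CHACHA20-POLY1305 suite to be reachable over TLS, and CVE-2016-7055 applies to both 1.0.2 and 1.1.0. One fact is assumed from the OpenSSL advisory rather than from this page: 1.1.0c is the release that fixes the 1.1.0 series. The sample banner and cipher list are constructed for a stand-alone run, not captured from any real host.

```python
"""Triage helper: which of CVE-2016-7053/7054/7055 apply to an OpenSSL build?

Inputs are two strings an administrator can capture on the host:
  - the output of `openssl version`
  - the output of `openssl ciphers -v` (the suite list the build will allow)
"""
import re

# Assumption taken from the OpenSSL advisory of 10 November 2016, not from the
# Cisco page: 1.1.0c fixes all three CVEs in the 1.1.0 series. For 1.0.2,
# CVE-2016-7055 applies to the whole series because no 1.0.2 fix release was
# planned at the time of the advisory.
FIXED_1_1_0 = (1, 1, 0, "c")

VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """'OpenSSL 1.1.0b  26 Sep 2016' -> (1, 1, 0, 'b'); letter is '' when absent.

    Tuples order correctly: (1, 1, 0, '') < (1, 1, 0, 'b') < (1, 1, 0, 'c').
    """
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def chacha_suites(ciphers_v_output):
    """Names of the *-CHACHA20-POLY1305 suites in `openssl ciphers -v` output."""
    suites = []
    for line in ciphers_v_output.splitlines():
        fields = line.split()          # first field is the suite name
        if fields and "CHACHA20-POLY1305" in fields[0]:
            suites.append(fields[0])
    return suites


def exposure(version_banner, ciphers_v_output):
    """Map each applicable CVE ID to a one-line finding; empty dict if none."""
    v = parse_version(version_banner)
    series = v[:3]
    found = {}
    if series == (1, 1, 0) and v < FIXED_1_1_0:
        found["CVE-2016-7053"] = "present: 1.1.0 before 1.1.0c"
        suites = chacha_suites(ciphers_v_output)
        if suites:
            found["CVE-2016-7054"] = (
                "present, TLS-reachable: %d ChaCha20-Poly1305 suite(s) allowed (%s)"
                % (len(suites), ", ".join(suites)))
        else:
            # The library is still unpatched; only the TLS trigger described
            # in the advisory is out of reach.
            found["CVE-2016-7054"] = (
                "present, not TLS-reachable: no ChaCha20-Poly1305 suite allowed")
        found["CVE-2016-7055"] = "present: 1.1.0 before 1.1.0c"
    elif series == (1, 0, 2):
        found["CVE-2016-7055"] = (
            "present: 1.0.2 series, no OpenSSL fix release planned at advisory "
            "time; track the Cisco bug ID for the product")
    return found


# Constructed sample captures for a stand-alone run (not from any real host).
SAMPLE_VERSION = "OpenSSL 1.1.0b  26 Sep 2016"
SAMPLE_CIPHERS = """\
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
"""

if __name__ == "__main__":
    for cve, note in sorted(exposure(SAMPLE_VERSION, SAMPLE_CIPHERS).items()):
        print(cve, "-", note)
```

`openssl ciphers -v` reports what the library allows under its default cipher string; an application may configure a narrower list, so feed the function the application's effective suite list where you have it. The version check is the reliable part; the cipher check only tells you whether the TLS path described for CVE-2016-7054 is reachable, not whether the build is patched.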
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerabilities that are
described in this advisory.

Source

These vulnerabilities were publicly disclosed by the OpenSSL Software
Foundation on November 10, 2016.

URL

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

Revision History

Version  Description                         Section                     Status   Date
1.4      Updated the lists of products that  Vulnerable Products and     Interim  2016-November-18
         are and are not vulnerable.         Products Confirmed Not
                                             Vulnerable
1.3      Updated the lists of products that  Vulnerable Products and     Interim  2016-November-17
         are and are not vulnerable.         Products Confirmed Not
                                             Vulnerable

LEGAL DISCLAIMER

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS
DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins you
should contact your local IT manager. If you do not know who that is, please
send an email to auscert@auscert.org.au and we will forward your request to
the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWDJeMYx+lLeg9Ub1AQgJNQ//X8wy5UJ79K8z/6vj6dNmEccEAYH8ERiX
9x7MYbVZ6HVAb7U0iki7ZWEKDfd09JuOPVEdeGRXzHwxkXbnjR7YaYl3x3e1Hptz
7HO3rK3q85IJFlvfZ11+VS2fPDO3SSzwiTWaq4a8fewa91y7q/SpqtGiSSLHc5De
IUOs1oE6EVW7Q1gjTe5ItaStPgAQ2mlLaWM09Vd3CXhaX9h0JHvcdVH6jn5aKUTq
Lox9NqXMWaSuX6+ROkPKFyaLnHpGHXVSuNWo5o/UarMeFoYx1pcyriT9pYfUmMUb
vl/icvozOzuB1RN6q7H4atbRGR5zX0jlMKuJchPzkfpHgEqhAlW4wQsFN4ocCigw
cwioUvrv175nX2FxkyGrjONDoBumPC9ItJL9a81ZTaCU9Oz61WfnszARD0vBF/uF
FTAaBpk89OR/14dKn7CUFr+5BoU74D46Yf733dIx071QYiVhRB/yzmwmB83NjXxp
WL7MQ/dtB6JIWo/qF/DWz6y8aASpMYKoN4f1ni7ovegJv0xs7yn/FDXMgdwib8kb
3kPRld/fPm/0jt+/f0ItnXhlKzemqJeTf1aRM2hoDbVlZEcEyos7vE1GgJkWWT58
s7Jg+oxIC97TxoArmJCz4azSY6DVn/t//+SkHqb4kDfQx8I3/WDmSY0rQtYwgEJF
e1EOusleqZs=
=GTwN
-----END PGP SIGNATURE-----