This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote Cisco ASA device is running a software version known to be
affected by multiple OpenSSL related vulnerabilities :
- A buffer overflow error exists related to invalid DTLS
fragment handling that could lead to execution of
arbitrary code. Note this issue only affects OpenSSL
when used as a DTLS client or server. (CVE-2014-0195)
- An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
Note that Nessus has not checked for the presence of workarounds that
may mitigate these vulnerabilities.
See also :
Apply the recommended vendor supplied software update or workaround.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true
Nessus Plugin ID: 76128 ()
Bugtraq ID: 6789967900
CVE ID: CVE-2014-0195CVE-2014-0224
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.