This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote Cisco ASA device is running a software version known to be
affected by multiple OpenSSL related vulnerabilities :
- A buffer overflow error exists related to invalid DTLS
fragment handling that could lead to execution of
arbitrary code. Note this issue only affects OpenSSL
when used as a DTLS client or server. (CVE-2014-0195)
- An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
Note that Nessus has not checked for the presence of workarounds that
may mitigate these vulnerabilities.
See also :
Apply the recommended vendor supplied software update or workaround.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true