Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

medium Nessus Plugin ID 76127

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote device is running a software version known to be affected by an OpenSSL related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.

Solution

There is currently no known solution.

See Also

http://www.nessus.org/u?5539aa9d

https://www.openssl.org/news/secadv/20140605.txt

Plugin Details

Severity: Medium

ID: 76127

File Name: cisco-CSCup22544-ace.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 6/18/2014

Updated: 11/26/2019

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: E:F/RL:U/RC:C

CVSS Score Source: CVE-2014-0224

Vulnerability Information

CPE: cpe:/a:cisco:application_control_engine_software

Required KB Items: Host/Cisco/ACE/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/5/2014

Vulnerability Publication Date: 6/5/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0224

BID: 67899

CERT: 978508