Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

Medium Nessus Plugin ID 76127

Synopsis

The remote host is affected by a man-in-the-middle vulnerability.

Description

The remote device is running a software version known to be affected by an OpenSSL-related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.

Solution

There is currently no known solution.

See Also

http://www.nessus.org/u?5539aa9d

https://www.openssl.org/news/secadv/20140605.txt

Plugin Details

Severity: Medium

ID: 76127

File Name: cisco-CSCup22544-ace.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 2014/06/18

Updated: 2018/07/02

Dependencies: 69912

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:application_control_engine_software

Required KB Items: Host/Cisco/ACE/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/06/05

Vulnerability Publication Date: 2014/06/05

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0224

BID: 67899

CERT: 978508