Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL
Medium Nessus Plugin ID 76128
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe remote Cisco ASA device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :
- A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
Note that Nessus has not checked for the presence of workarounds that may mitigate these vulnerabilities.
SolutionApply the recommended vendor supplied software update or workaround.