Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)

Medium Nessus Plugin ID 88988


The remote device is missing a vendor-supplied security patch.


The remote Cisco IOS device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :

- A buffer overflow error exists related to invalid DTLS fragment handling that can lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)

- An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.

- An unspecified error exists that allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)


Upgrade to the relevant fixed version referenced in Cisco bug ID CSCup22590.

See Also

Plugin Details

Severity: Medium

ID: 88988

File Name: cisco-sa-20140605-openssl-ios.nasl

Version: 1.12

Type: combined

Family: CISCO

Published: 2016/02/26

Updated: 2019/11/19

Dependencies: 47864

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/06/05

Vulnerability Publication Date: 2014/06/03

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224

BID: 67899, 67900, 67901

CERT: 978508


CISCO-SA: cisco-sa-20140605-openssl