Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)
Medium Nessus Plugin ID 88989
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :
- An error exists in the ssl3_read_bytes() function that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled.
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- An error exists in the do_ssl3_write() function that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)
SolutionUpgrade to the relevant fixed version referenced in Cisco bug ID CSCup22487.