Boletines de Vulnerabilidades

Vulnerability In Crypto Library

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability has been discovered in a third party cryptographiclibrary which is used by a number of Cisco products. This vulnerability may betriggered when a malformed Abstract Syntax Notation One (ASN.1) object isparsed. Due to the nature of the vulnerability it may be possible, in somecases, to trigger this vulnerability without a valid certificate or validapplication-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070522-crypto?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20In%20Crypto%20Library&vs_k=1

Identificadores estándar
Propiedad Valor
CVE CVE-2006-3894 and VU#754281.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2013-09-29

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT