Boletines de Vulnerabilidades

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Información sobre el sistema
   
Software afectado Cisco

Descripción
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: SSL/TLS Man-in-the-Middle Vulnerability DTLS Recursion

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products&v

Identificadores estándar
Propiedad Valor
CVE CVE-2014-0224 ,CVE-2014-0221 ,CVE-2014-0195 ,CVE-2014-0198 ,CVE-2010-5298 ,CVE-2014-3470 and CVE-2014-0076.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-06-24

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT