The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.
Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2jMgMnC
The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.
Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2jMgMnC
Security Impact Rating: Medium
CVE: CVE-2017-3730,CVE-2017-3731,CVE-2017-3732
from Cisco Security Advisory http://ift.tt/2jMgMnC
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.