On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016. OpenSSL classifies all the new vulnerabilities as “Moderate Severity.”
The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.
Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2jMgMnC On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016. OpenSSL classifies all the new vulnerabilities as “Moderate Severity.”
The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information.
Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2jMgMnC
Security Impact Rating: Medium
CVE: CVE-2017-3730,CVE-2017-3731,CVE-2017-3732
from Cisco Security Advisory http://ift.tt/2jMgMnC
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.