Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105682
Category:CISCO
Title:OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
Summary:On July 9, 2015, the OpenSSL Project released a security advisory detailing; a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security; (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication.;; Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could; allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed,; enabling the attacker to forge `trusted` certificates that could be used to conduct man-in-the-middle attacks.;; Cisco will release free software updates that address this vulnerability.;; Workarounds that mitigate this vulnerability may be available.
Description:Summary:
On July 9, 2015, the OpenSSL Project released a security advisory detailing
a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security
(TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication.

Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could
allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed,
enabling the attacker to forge `trusted` certificates that could be used to conduct man-in-the-middle attacks.

Cisco will release free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability may be available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1793
BugTraq ID: 75652
http://www.securityfocus.com/bid/75652
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.exploit-db.com/exploits/38640/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
FreeBSD Security Advisory: FreeBSD-SA-15:12
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
https://security.gentoo.org/glsa/201507-15
HPdes Security Advisory: HPSBGN03424
http://marc.info/?l=bugtraq&m=144370846326989&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: SSRT102180
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://www.securitytracker.com/id/1032817
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.