Test ID: 1.3.6.1.4.1.25623.1.0.105691
Category: CISCO
Title: Cisco NX-OS: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
Description:
Summary:
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability
affecting applications that verify certificates, including SSL/Transport Layer Security
(TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client
authentication.

Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability
that could allow an unauthenticated, remote attacker to cause certain checks on untrusted
certificates to be bypassed, enabling the attacker to forge `trusted` certificates that could be
used to conduct man-in-the-middle attacks.

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability may be available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1793
BugTraq ID: 75652
http://www.securityfocus.com/bid/75652
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.exploit-db.com/exploits/38640/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
FreeBSD Security Advisory: FreeBSD-SA-15:12
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
https://security.gentoo.org/glsa/201507-15
HP Security Advisory: HPSBGN03424
http://marc.info/?l=bugtraq&m=144370846326989&w=2
HP Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HP Security Advisory: SSRT102180
NetBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://www.securitytracker.com/id/1032817
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
Copyright: This script is Copyright (C) 2016 Greenbone Networks GmbH
