Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.105691 |
Category: | CISCO |
Title: | Cisco NX-OS: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products |
Summary: | On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability; affecting applications that verify certificates, including SSL/Transport Layer Security; (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client; authentication.;; Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability; that could allow an unauthenticated, remote attacker to cause certain checks on untrusted; certificates to be bypassed, enabling the attacker to forge `trusted` certificates that could be; used to conduct man-in-the-middle attacks.;; This advisory will be updated as additional information becomes available.;; Cisco will release free software updates that address this vulnerability.;; Workarounds that mitigate this vulnerability may be available. |
Description: | Summary: On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge `trusted` certificates that could be used to conduct man-in-the-middle attacks. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability may be available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1793 BugTraq ID: 75652 http://www.securityfocus.com/bid/75652 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl https://www.exploit-db.com/exploits/38640/ http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html FreeBSD Security Advisory: FreeBSD-SA-15:12 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc https://security.gentoo.org/glsa/201507-15 HPdes Security Advisory: HPSBGN03424 http://marc.info/?l=bugtraq&m=144370846326989&w=2 HPdes Security Advisory: HPSBUX03388 http://marc.info/?l=bugtraq&m=143880121627664&w=2 HPdes Security Advisory: SSRT102180 NETBSD Security Advisory: NetBSD-SA2015-008 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://www.securitytracker.com/id/1032817 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427 |
Copyright | This script is Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |