Description: Summary: On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Cisco Application Policy Infrastructure Controller (APIC) Software incorporates a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Vulnerability Insight: Multiple OpenSSL vulnerabilities affecting Cisco APIC:
- A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote attacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193).
- A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3194).
- A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3195).
- A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3196).
- A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).
Solution: See the referenced vendor advisory for a solution.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N