https://community.cisco.com/t5/network-security/firewall/m-p/2892565#M153598 <P>Hi,&nbsp;</P> <P></P> <P>Could you please share the CVE id of the vulnerability which you are trying to patch.</P> <P></P> <P>Thanks,</P> <P>RS</P> Tue, 24 May 2016 09:09:03 GMT Rishabh Seth 2016-05-24T09:09:03Z https://community.cisco.com/t5/network-security/firewall/m-p/2892564#M153597 <P>Hi Guys,</P> <P>&nbsp; It seems there is a openssl Vulnerability for ASA. How to patch it, for ASA version 9.4.1 and is there any software update for it.</P> <P></P> <P>Regards,</P> <P>G.Pitchaimani</P> Tue, 12 Mar 2019 07:47:24 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892564#M153597 pitchaimani.kamal 2019-03-12T07:47:24Z https://community.cisco.com/t5/network-security/firewall/m-p/2892565#M153598 <P>Hi,&nbsp;</P> <P></P> <P>Could you please share the CVE id of the vulnerability which you are trying to patch.</P> <P></P> <P>Thanks,</P> <P>RS</P> Tue, 24 May 2016 09:09:03 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892565#M153598 Rishabh Seth 2016-05-24T09:09:03Z https://community.cisco.com/t5/network-security/firewall/m-p/2892566#M153600 <P>Hi,</P> <DIV class="inlineblock">The CVE id for 6 vulnerabilities listed below,</DIV> <DIV class="inlineblock"></DIV> <DIV class="inlineblock">First,four of them may cause memory corruption or excessive memory usage, 2nd one, could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, 3rd one, is specific to a product performing an operation with<EM> </EM>Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.</DIV> <DIV class="inlineblock"></DIV> <DIV class="inlineblock">CVE-2016-2105</DIV> <DIV class="inlineblock">CVE-2016-2106</DIV> <DIV class="inlineblock">CVE-2016-2107</DIV> <DIV class="inlineblock">CVE-2016-2108</DIV> <DIV class="inlineblock">CVE-2016-2109</DIV> <DIV class="inlineblock">CVE-2016-2176</DIV> <DIV class="inlineblock"></DIV> <DIV class="inlineblock">Kindly, tell me how to patch it in the cisco ASA 5585 with the OS of 9.4.1</DIV> <DIV class="inlineblock">Regards,</DIV> <DIV class="inlineblock">G.Pitchaimani</DIV> Tue, 24 May 2016 10:00:45 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892566#M153600 pitchaimani.kamal 2016-05-24T10:00:45Z https://community.cisco.com/t5/network-security/firewall/m-p/2892567#M153601 <P>Hi,</P> <P></P> <P>Cisco ASA running release 9.0 or later may be affected by the following vulnerabilities.</P> <P></P> <P></P> <P>Exposure is not configuration dependent.</P> <P></P> <P>Padding oracle in AES-NI <G class="gr_ gr_33 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" id="33" data-gr-id="33">CBC MAC</G> <G class="gr_ gr_37 gr-alert gr_gramm gr_run_anim Grammar multiReplace" id="37" data-gr-id="37">check</G> CVE-2016-2107</P> <P>Memory corruption in the ASN.1 encoder CVE-2016-2108</P> <P>ASN.1 BIO excessive memory allocation CVE-2016-2109</P> <P></P> <P>The ASA is not affected by the following vulnerabilities:</P> <P></P> <P>EVP_EncodeUpdate overflow CVE-2016-2105</P> <P>EVP_EncryptUpdate overflow CVE-2016-2106</P> <P>EBCDIC overread CVE-2016-2176</P> <P></P> <P></P> <P>So while the ASA is not affected by the last 3, it may be affected by the first 3. There is no fixed version available yet but <G class="gr_ gr_41 gr-alert gr_spell gr_run_anim ContextualSpelling" id="41" data-gr-id="41">its</G> being tracked via a Sev2 defect, so we should have the fix soon:</P> <P>https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz52474/?reffering_site=dumpcr</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Tue, 24 May 2016 13:53:37 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892567#M153601 Aditya Ganjoo 2016-05-24T13:53:37Z https://community.cisco.com/t5/network-security/firewall/m-p/2892568#M153602 Hi, Ok. So, when shall i expect the updates for these vulnerabilities Regards, G.Pitchaimani Thu, 26 May 2016 13:09:09 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892568#M153602 pitchaimani.kamal 2016-05-26T13:09:09Z https://community.cisco.com/t5/network-security/firewall/m-p/2892569#M153604 <P>Hi,</P> <P></P> <P>This being a Severity 2 bug expect a fix soon on this.</P> <P></P> <P>Apologies but I do not have an exact ETA for this.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Thu, 26 May 2016 13:34:09 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892569#M153604 Aditya Ganjoo 2016-05-26T13:34:09Z https://community.cisco.com/t5/network-security/firewall/m-p/2892570#M153605 <P>Hi,</P> <P>&nbsp; Is there any patch came for these vulnerabilities.</P> <P>Regards,</P> <P>G.Pitchaimani</P> <P></P> Wed, 01 Jun 2016 07:24:42 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892570#M153605 pitchaimani.kamal 2016-06-01T07:24:42Z https://community.cisco.com/t5/network-security/firewall/m-p/2892571#M153606 <P>Hi,&nbsp;</P> <P>&nbsp; Is there any update on OpenSSL vulnerabilities. Is there any patch available for OpenSSL Vulnerabilities.</P> <P></P> <P>Regards,</P> <P>G.Pitchaimani</P> Mon, 13 Jun 2016 17:21:01 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892571#M153606 pitchaimani.kamal 2016-06-13T17:21:01Z https://community.cisco.com/t5/network-security/firewall/m-p/2892572#M153607 <P>Hi,</P> <P></P> <P>The bug has been resolved and the fixed versions are listed in the bug details.</P> <P></P> <P>https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz52474/?reffering_site=dumpcr</P> <P></P> <P>You can upgrade to the fixed versions to overcome this bug impact.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> <P></P> <DIV class="whiteRow"></DIV> Tue, 14 Jun 2016 00:44:27 GMT https://community.cisco.com/t5/network-security/firewall/m-p/2892572#M153607 Aditya Ganjoo 2016-06-14T00:44:27Z