cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6684
Views
5
Helpful
28
Replies

CSCus08101 - ASA evaluation of Poodle Bites in TLSv1

rhoisington3
Level 1
Level 1

Will Cisco provide an update to the legacy ASA product line like the 5510, 5520, 5540?  Code seems to have stopped for these platforms.

28 Replies 28

http://www.cisco.com/web/software/280775065/120360/ASA-932-Interim-Release-Notes.html

 

9.3.2(200) is asa932-200-smp-k8.bin, 9.3(2)2 is asa932-2-smp-k8.bin. Check out 9.3.2 Interim, that's the one.

 

Of course this is all irrelevant now, since you've already upgraded to 9.4.1.

So call me crazy, but is it not logical that 9.3.2(200) would be a later release, than a 9.3.2(2)?!??!

And right now, I don't even the 9.3.2(200) as a download at all. Quit confusing the issues Cisco. LOL

 

Ok, well at this point I am happy with our 9.4.1 OS and will keep tabs on any other issues that this release presents to us.

 

Mate I'm not saying it's making any sense, I'm just saying that's the way it is :)

Hi,

I am unable to identify 8.2.5.55 ios.

Kindly provide the link from where i can download this ios to restore this issues.

As of now my device running Adaptive Security Appliance Software Version 8.2(5) | asa825-k8.bin.

Hence kindly do the needful to restore poodle attack.

We also have this problem. We must fix it on Cisco ASA 5520? Could Cisco provide some status about fixing this issue?

Hellow CISCO, ETA please? PCI is waiting for this.

penny1
Level 1
Level 1

We have the same issue on 5510. Is Cisco going to address this??

Last update is that Cisco will fix it next year.

@Bojan - Can you advise where you got this information from, that Cisco will fix it next year? We have 2 x 5540's that we need to get patched/secured.

Hello,

 

I got this information from cisco TAC engineer Ahmad Alhajar -X (aalhajar) <aalhajar@cisco.com> aalhajar@cisco.com. 

 

 

Dear Bojan,

 

The vulnerability is related to CVE-2014-8730 and it is tracked under bug CSCus08101 'ASA: evaluation of Poodle Bites in TLSv1'

https://tools.cisco.com/bugsearch/bug/CSCus08101/?reffering_site=dumpcr

 

This vulnerability is not fixed yet and the development team is still working on the fix.

 

AS an ETA for the fix is at the beginning of 2015 but there is no exact day for it yet, I already submitted you to that bug so you will receive updated about it.

 

If you have any more concerns about this issue please feel free to contact me, if not so we can proceed with the closure.

 

Kind Regards,

Ahmad.

 

**Working hours (Monday-Friday 7am-3pm GMT) - For assistance outside these hours or while I am not available, please contact Cisco’s Front Line. Click here for the numbers:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Hi Bojan,

i have also an TAC Case on this issue. My TAC engineer told me that a POODLE fixed ASA release for Version 8.4 will be available in last week of january and a fixed release for version 9.0 and 9.1 in first or second week of february:

----------------------------------------------------------------------------------

Hi Ayhan,

Thanks for the update.

The poodle bites in tlsv1 is fixed in 8.4.7.25 for ASA 5510/5520/5540 which is supposed to be released in the last week of January. Also, there would be some fixes in 9.0.4 and 9.1.6 for ASA 5510/5520/5540 which will be available by first or second week of February.

These are target dates and are subject to fluctuation due to development release activities.

Regards,

Aafreen

--------------------------------------------------------------------------------------

admin000139
Level 1
Level 1

Mate, this bug's not even fixed in the current line of ASAs as of yet, if that's any comfort to you...

according to my knowledge this is fixed with 9.2.3.3 and 9.1.6

 

Raj

craj

craj
Level 1
Level 1

This bug is fixed. Thanks to Cisco

 

raj

craj
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: