12-21-2014 03:53 AM - edited 03-20-2019 08:24 PM
Will Cisco provide an update to the legacy ASA product line like the 5510, 5520, 5540? Code seems to have stopped for these platforms.
12-21-2014 01:29 PM
Interium update 915-20-k8.bin released on Dec. 19th patches the POODLE SSL3.0 exploit on the ASA but what about the TLSv1.0 exploit also?
02-25-2015 11:42 PM
Hello Guys,
the POODLE SSL3.0 and TLSv1.0 bug is fixed in Release 8.4(7)26. I have testet this Image and can acknowledge the functionality.
According to my Information which received from TAC it should be also fixed in 9.0.4 and 9.1.6. But i had not tested these Images by myself.
You can quick check POODLE vulnerabilities at:
https://www.ssllabs.com/ssltest/
Best Regards
Ayhan
02-26-2015 06:39 AM
Hello,
I can also confirm that the bug is fixed in 8.2.5.55. I have tested that image. According to Cisco, the list of fixed releases is as follows:
8.2 Train: 8.2.5.55
8.4 Train: 8.4.7.26
9.0 Train: 9.0.4.29
9.1 Train: 9.1.6
9.2 Train: 9.2.3.2
9.3 Train: 9.3.2.2
03-02-2015 08:23 AM
Was told in an open case on the 24th of February it was slated for release the next day barring any further delays. Obviously there was something that held up the process judging by the situation today. Still waiting for 9.1.6 to release for multiple ASA platforms here...
03-02-2015 01:43 PM
9.1.6 is out go grab it!
Although I can't seem to really find any release notes on it.. Maybe I'm too quick! :)
03-03-2015 04:47 AM
To anyone looking for it, make sure to expand the "Latest" section on the left side. 9.1.5 still is the one showing up as recommended when you first get to the download page.
03-03-2015 06:23 AM
The 9.1.6 release is for only the SMP edition. We need the non-SMP edition. Cisco, any ETA for Non-SMP?
03-03-2015 10:37 AM
Let's make this even more exciting... 9.1.6 seems to have been pulled from the Download Center. Anyone have any idea why? It was up earlier but is gone now.
Also, I downloaded the SMP version before and it definitely did NOT have SMP in the filename... and it is working on my 5505 in the lab here.
EDIT: 1:36pm: and it's back online for all platforms!
03-10-2015 05:58 AM
In the release notes the bug can not be found as fixed for 9.1.6 :
In the bug article (https://tools.cisco.com/bugsearch/bug/CSCus08101 ) is said it would be fixed in 9.1.6, but 9.1.6 is released but it does not appear in the "known fixed releases" section ?
03-11-2015 03:39 AM
Got confirmation from TAC. Bug is solved in the currently released 9.1.6
09-17-2015 06:35 PM
Hi all,
I upgraded to 9.2.4 on my 5585-X. But, when i tested via browser with TLS1.2 only (IE), the pages is error.
Then, is this version (9.2.4) fix CSCus08101?
Thanks.
03-04-2015 09:09 AM
I can confirm, that right now on my 5515X I have 9.3.2(200) installed and the above SSL test site STILL shows the POODLE BITES
This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.
03-04-2015 12:40 PM
Of course you're vulnerable. You need ASA 9.3(2)2, not 9.3(2.200).
04-08-2015 01:29 PM
I never saw, nor do I currently see a 9.3(2).2 (or variations).
I have updated one of my 5515X to 9.4.1 and I am now seeing a A- instead of an F. So that is MUCH better.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide