cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
705
Views
0
Helpful
1
Replies

Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) vulnerability

Robert Sherwin
Cisco Employee
Cisco Employee

Please be aware that the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) vulnerability is being addressed from our Cisco Product Security Incident Response Team (PSIRT): 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

These may be referenced from the following CVE(s):

CVE-2016-0702
CVE-2016-0703
CVE-2016-0704
CVE-2016-0705
CVE-2016-0797
CVE-2016-0798
CVE-2016-0799
CVE-2016-0800

The Cisco PSIRT is investigating these issues and will provide an update in accordance with Cisco’s Security Vulnerability Policy:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Information regarding DROWN:

https://www.openssl.org/news/secadv/20160301.txt

Please direct all inquiries to our PSIRT team regarding product questions and vulnerability updates.  The Cisco Product Security Incident Response Team (PSIRT) is responsible for responding to Cisco product security incidents. The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24 hours a day with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.

-Robert

1 Reply 1

vrian_colaba
Level 1
Level 1

Which ASA Firewall Products are affected by this bug CSCuy54558?