Solved: Hi Govind,Unfortunately there

govindprashad · ‎08-18-2016

Does anyone has an idea about the progress for the bug fund in open ssl.

This product includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz52363

Mohit Soni · ‎08-18-2016

Hi Govind,

Unfortunately there is no workaround available to mitigate against this vulnerability at this time however from above mentioned defect page, you can click on "Add Notification" to receive updates via notifications email regarding status changes of this defect. This will allow you to know the workaround or when there has been a fixed version of AsyncOS released.

Regards,
Mohit Soni

View solution in original post

Mohit Soni · ‎08-18-2016

Hi Govind,

Unfortunately there is no workaround available to mitigate against this vulnerability at this time however from above mentioned defect page, you can click on "Add Notification" to receive updates via notifications email regarding status changes of this defect. This will allow you to know the workaround or when there has been a fixed version of AsyncOS released.

Regards,
Mohit Soni

viniciusreis · ‎10-24-2016

Hi guys!

some progress?

Regards,

Vinicius Reis

Libin Varghese · ‎10-24-2016

Vinicius,

As per the below link

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

Async OS 10.5 for Cisco Email Security Appliance would carry a fix and current ETA is Dec 2016.

Thanks

Libin Varghese

Evaluation of esa for OpenSSL May 2016