04-19-2022 12:14 AM
Hello all,
with reference to CVE-2022-0778, how can I verify the openssl version on Cisco ESA Ironport devices, type C390 or C395, running AsyncOS Version 12.5.?
I was given the following Bug ID, but I cannot access this resource with my account:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb25775
Further I was recommended to run the command "openssl version" on the Command Line, but this command is unknown on the ESA CLI.
Many thanks in advance
Regards, Hakan
04-19-2022 05:05 AM
That command doesn't work in the regular CLI available to administrators; it's a FreeBSD/Linux command that works if there's backend/remote access to the device, which is restricted to TAC only.
This bug is set to "customer-visible" and you should be able to see it. Try it again.
Just to give you a gist, ESA and SMA are running a version of OpenSSL which is vulnerable to CVE-2022-0778, but the fix is yet to be released.
I would suggest working with TAC or subscribing to the bug to get updates on when the fix would be available.
04-19-2022 05:32 AM
Many thanks. Actually, I can access the bug now. This was not the case some hours before.
The bug lists two versions as "known affected": 14.0.0-698 and 13.5.1(Renaissance)-277
We're running 12.5. Are you sure our version is affected?
Where is this documented?
Is there a way to verify the openssl version other than with the Linux command?
Thanks in advance / regards, Hakan
04-19-2022 05:42 AM
14.X.X, being the latest release train, still runs OpenSSL version 1.0.2. Though I haven't necessarily looked into an ESA with 12.5, I am positive it's running a vulnerable version too.
Here's a document confirming the OpenSSL version used on AsyncOS 12 - https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa12-0/AsyncOS_12-0_for_Cisco_Email_Security_Appliances.pdf (search openssl or openssl 1.0.2)
I remember trying to tamper with nmap to identify an openssl version, but couldn't figure out a way to identify it on a remote machine.
04-19-2022 05:47 AM