
firewall

Hi Guys,

It seems there is an OpenSSL vulnerability for ASA. How do I patch it for ASA version 9.4.1, and is there any software update for it?

Regards,

G.Pitchaimani

8 Replies

Rishabh Seth
Level 7

Hi, 

Could you please share the CVE ID of the vulnerability which you are trying to patch?

Thanks,

RS

Hi,

The CVE IDs for the 6 vulnerabilities are listed below.

First, four of them may cause memory corruption or excessive memory usage; the 2nd one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI; and the 3rd one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.

CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-2176

Kindly tell me how to patch it on the Cisco ASA 5585 with OS version 9.4.1.

Regards,

G.Pitchaimani

Hi,

Cisco ASA running release 9.0 or later may be affected by the following vulnerabilities.

Exposure is not configuration dependent.

Padding oracle in AES-NI CBC MAC check CVE-2016-2107

Memory corruption in the ASN.1 encoder CVE-2016-2108

ASN.1 BIO excessive memory allocation CVE-2016-2109

The ASA is not affected by the following vulnerabilities:

EVP_EncodeUpdate overflow CVE-2016-2105

EVP_EncryptUpdate overflow CVE-2016-2106

EBCDIC overread CVE-2016-2176

So while the ASA is not affected by the last 3, it may be affected by the first 3. There is no fixed version available yet, but it's being tracked via a Sev2 defect, so we should have the fix soon:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz52474/?reffering_site=dumpcr

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Hi,

OK. So, when shall I expect the updates for these vulnerabilities?

Regards,

G.Pitchaimani

Hi,

This being a Severity 2 bug, expect a fix soon on this.

Apologies but I do not have an exact ETA for this.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Hi,

Has any patch come out for these vulnerabilities?

Regards,

G.Pitchaimani

Hi, 

Is there any update on the OpenSSL vulnerabilities? Is there any patch available for the OpenSSL vulnerabilities?

Regards,

G.Pitchaimani

Hi,

The bug has been resolved and the fixed versions are listed in the bug details.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz52474/?reffering_site=dumpcr

You can upgrade to the fixed versions to overcome the impact of this bug.

Regards,

Aditya

Please rate helpful posts and mark correct answers.
