Cisco reports that among

arvind225 · ‎09-02-2015

Hi Team,

With reference to bug ids CSCut46019 & CSCuu83280, we found that below are mentioned as known affected versions.

Our ASA devices are running with 9.1.6.1, its not mentioned either in affected version nor in fixed version.

So whats the conclusion here? is it vulnerable or not?

Known Affected Releases:

(17)

7.2(1)

8.2(1)

8.2(5)

8.4(1)

8.5(1)

8.6(1)

8.7(1)

9.0

9.0(1)

9.1(1)

9.2(1)

9.3(2)

9.3(2.200)

9.4(1)

9.5(1.200)

9.5(2)

99.1

Known Affected Releases:

(9)

8.2(5)

8.4(1)

8.5(1)

8.6(1)

8.7(1)

9.0

9.1(1)

9.2(1)

9.3(2)

Marvin Rhoads · ‎09-06-2015

You are running an interim release. One of the definitions of an interim release is that it will not necessarily be regression tested against every identified bug.

CSCut46019 is first fixed in 9.1(6) train with 9.1(6.2). Reference. So your version is affected by it.

CSCuu83280 is identified as fixed in 9.1(6.7). Reference. So the same thing - the bug applies to your version.

9.1(6.8) is a currently recommended version, so you would be well-advised to upgrade to that.

Panagiotis Koumarianos · ‎09-29-2015

Cisco reports that among "Known Fixed Releases" for bug CSCuu83280 is version 9.0.4.36. But in the download section there is no such thing. Does anyone know when this is going to be released?

Identifing ASA version for MARCH 2015 OpenSSL & OpenSSL June 2015 Vulnerabilities