cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

RV042 TLS Security Scan Failure

Mike Silva
Level 1
Level 1

Hi,

As part of my business' PCI compliance regime, we are regularly scanned for vulnerabilities.  Today we started getting notifications of failure on all of the QuickVPN ports (443, 60443) for the following:


Details: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability


06/11/12

CVE 2009-3555

Multiple vendors TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process which allows man-in-the-middle attackers to insert data into HTTPS sessions,

and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.

Cisco, will you be issuing a firmware update to address this anytime in the near future?  Presumably it effects all the other RV routers as well.

Who Me Too'd this topic