Cisco IOS XE is vulnerable to CVE-2014-0160 - aka Heartbleed CSCuo19730 on Cisco 4500E IOS XE?

Hello Experts,
I need to find out which exact IOS XE software version on the Catalyst 4507E will be affected by Heartbleed.
Cisco WS-C4507R+E
WS-X45-SUP7-E
Thanks in advance.

@apieper, looking at the bug details, it doesn't look like you are affected.
Conditions:
Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.
Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:
transport-map type persistent webui http-webui
 secure-server
ip http secure-server
transport type persistent webui input http-webui
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.
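As an added illustration (not from the original thread and not a Cisco tool), a small Python check that applies the two conditions stated in the reply above, affected release AND WebUI served over HTTPS, to a device's release string and running-config; the zero-padded "03.11.01.S" version spelling is an assumption about "show version" output, and the sample configs are constructed.

```python
import re

AFFECTED_RELEASES = {"3.11.0S", "3.11.1S", "3.12.0S"}  # releases named in CSCuo19730

def normalize_release(text):
    """'3.11.1S' or the zero-padded '03.11.01.S' (assumed 'show version'
    spelling) -> '3.11.1S'; the train suffix (S, SG, E ...) is kept."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.?([A-Z]+)", text)
    if not m:
        return None
    major, minor, rebuild, train = m.groups()
    return f"{int(major)}.{int(minor)}.{int(rebuild)}{train}"

def webui_https_enabled(running_config):
    """True only when a persistent webui transport-map carrying 'secure-server'
    is applied via 'transport type persistent webui input <map>' AND
    'ip http secure-server' is present (both conditions from the bug note)."""
    secure_maps, applied_maps, current_map, http_secure = set(), set(), None, False
    for raw in running_config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        m = re.match(r"transport-map type persistent webui (\S+)$", stripped)
        if m:
            current_map = m.group(1)       # entering the transport-map submode
            continue
        if stripped == "secure-server":    # submode line, indented or not
            if current_map:
                secure_maps.add(current_map)
            continue
        if not raw.startswith(" "):
            current_map = None             # any other top-level command ends the submode
        if stripped == "ip http secure-server":
            http_secure = True
        m = re.match(r"transport type persistent webui input (\S+)$", stripped)
        if m:
            applied_maps.add(m.group(1))
    return http_secure and bool(secure_maps & applied_maps)

def heartbleed_exposed(release_text, running_config):
    """Exposed only if the release is listed AND WebUI over HTTPS is enabled."""
    return normalize_release(release_text) in AFFECTED_RELEASES and webui_https_enabled(running_config)

# Constructed sample configs (not captured from a real device).
WEBUI_HTTPS_CFG = """\
transport-map type persistent webui http-webui
 secure-server
ip http secure-server
transport type persistent webui input http-webui
"""
HTTPS_ONLY_CFG = "hostname edge-rtr\nip http secure-server\n"
```

A Catalyst 4500E release such as "03.04.00.SG" normalizes to "3.4.0SG", which is outside the listed set, matching the reply's conclusion for the asker.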

Similar Messages

  • Cisco Security Manager is vulnerable to CVE-2014-0160 - aka Heartbleed

    Dear All,
    We have CSM 4.4.0 SP2 patch 1 installed with no default configuration.
    According to cisco, CSM is under Vulnerable Products list with cisco bug ID CSCuo19265. 
    Do I need to take any action for my CSM ?
    Thanks & Regards
    Ahmed...

    I'm not sure if that's true. The release notes don't state anything about fixing that bug. And also looking at the open-source licenses PDF for 4.6.0, it states OpenSSL version: 1.0.1e (which is the same version as 4.5.0, and all versions 1a through 1f are vulnerable).
    I would find it very odd they didn't fix it considering it was released just yesterday.

  • Are any versions of Firefox susceptible to Heartbleed bug CVE-2014-0160?

    Do any versions of Firefox use OpenSSL?
    If so, which versions of Firefox would be vulnerable to the Heartbleed bug CVE-2014-0160 that has recently been identified?
    As covered in:
    http://heartbleed.com/
    http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

    An interesting article on the Heartbleed vulnerability and its probable extent
    * http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/

  • Bash vulnerability bash CVE-2014-6271 on Cisco devices

    Hi, all,
    Anybody know whether any Cisco devices are vulnerable to the recent bash CVE-2014-6271? I am especially concerned about ASA, which opens https to the public.
    Thanks,

    Have a look here: 
    http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html
    and here:
    http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash
    Under affected products. 

  • Telepresence endpoint evaluation for CVE-2014-6271 and CVE-2014-7169 aka "Shellshock"

    Please refer to the Cisco Security Advisory for more information.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
    BUG ID: CSCur02591
    /Magnus

    Hi Magnus,
    Is blocking the management ports (HTTP/HTTPS/SSH/Telnet/basically everything under port 1024) sufficient to mitigate this issue for TelePresence systems?
    Or is the issue also present on the SIP and H.323 ports?

  • CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux Question

    CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux
    I wanted to know if the AnyConnect Secure Mobility Client would still be vulnerable to this if it was only connecting via SSL VPN (TLS) to an ASA that already has the workaround implemented on it (Disable SSLv3)?
    Thanks,
    Rob Miele

    Hi Rob , 
    According to the bug: 
    All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable, so AnyConnect 3.1.06.073 is safe from the POODLE vulnerability.
    On AnyConnect you can disable SSL by using IKEv2 instead of the SSL protocols; however, as the bug mentions, the client creates a parallel SSL tunnel to get updates and the profile from the router.
    If you're asking to disable SSLv3 on the router, unfortunately there is no code yet; the workaround is to disable the webvpn or upgrade the VPN client.
    As well, here is the official advisory for the POODLE vulnerability on Cisco products.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
    Hope it helps
    - Randy - 

  • [CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?

    http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
    Discussion?

    Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
    Please refer to the expanded "Affected Products".
    The following Cisco products are currently under investigation:
    Cable Modems
    Cisco CWMS
    Network Application, Service, and Acceleration
    Cisco ACE GSS 4400 Series Global Site Selector
    Cisco ASA
    Cisco GSS 4492R Global Site Selector
    Network and Content Security Devices
    Cisco IronPort Encryption Appliance
    Cisco Ironport WSA
    Routing and Switching - Enterprise and Service Provider
    Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
    Cisco ISM
    Cisco NCS6000
    Voice and Unified Communications Devices
    Cisco Finesse
    Cisco MediaSense
    Cisco SocialMiner
    Cisco Unified Contact Center Express (UCCX)
    Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.

  • NX-OS ( n7000-s1-dk9.5.1.3.bin ) BASH VULNERABILITY - CVE-2014-6271 and CVE-2014-7169

    Hi ,
    Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS  - n7000-s1-dk9.5.1.3.bin
    https://tools.cisco.com/bugsearch/bug/CSCur04856
    5.1.3 is not mentioned in the affected list. Need help to know if 5.1 is affected with the BASH vulnerability.
    Thanks for help in advance .

    The concern with the bash shell is that services MAY be setup to run as users which use those shells, and therefore be able to have things injected into those shells. Nothing on NetWare uses bash by default, because NetWare is not anything like Linux/Unix in its use of shells. Sure, you can load bash for fun and profit on NetWare, but unless you explicitly request it the bash.nlm file is never used. On NetWare I do not think it is even possible to have any normal non-Bash environment variable somehow be exported/inherited into a bash shell, though I've never tried.
    Good luck.

  • CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118

    I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
    Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
    EDIT:
    2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
    Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.

    Hi,
    Please refer to these links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • Schannel and TLS 1.x padding vulnerability (CVE-2014-8730)

    Hi all,
    Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
    Please see the following links for more details about this vulnerability:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
    https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
    Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?
    Regards,
    Sanjay

    No, Microsoft SChannel is not affected. Only F5 products are affected:
    http://www.securityfocus.com/bid/71549
    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.
    I know some Windows 2008 systems which are affected?! Why?

  • OpenSSL vulnerability CVE-2014-0224

    My customer wants to know whether ASE is affected by the following OpenSSL vulnerabilities in http://www.openssl.org/news/secadv_20140605.txt
          SSL/TLS MITM vulnerability (CVE-2014-0224),
          DTLS recursion flaw (CVE-2014-0221)
          DTLS invalid fragment vulnerability (CVE-2014-0195)
          SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
          SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
          Anonymous ECDH denial of service (CVE-2014-3470)
    Can you help me to confirm the above question?

    You have clearly double posted this question in two groups.
    So the first question goes back to you.
    Are you Running SAP Applications on ASE, if so this is not the proper group?

  • Bash CVE-2014-6271 Vulnerability

    Excuse me if this was already posted. I searched titles only for bash and 6271 and didn't see any results.
    Cut and paste from CVE-2014-6271 Bash vulnerability allows remote execution arbitrary code:
    This morning a flaw was found in Bash with the way it evaluated certain environment variables. Basically an attacker could use this flaw to override or bypass environment restrictions to execute shell commands. As a result various services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
    Details on CVE-2014-6271 from the MITRE CVE dictionary and NIST NVD (page pending creation).
    I’m currently patching servers for this. The issue affects ALL products which use Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by applications. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such!
    To test if your version of Bash is vulnerable run the following command:
    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    If that command returns the following:
    vulnerable this is a test
    …then you are using a vulnerable version of Bash and should patch immediately. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test
    Arch Linux CVE-2014-6271 patch:
    pacman -Syu
    Last edited by hydn (2014-09-28 20:57:41)

    On a related note.  I post this here as it might be of interest to some members....
    I just checked my DD-WRT based router for this vulnerability.   It comes stock with Busybox and does not seem to be vulnerable, but...   I keep bash on a separate partition which gets mounted on /opt.  That bash is vulnerable.  Until the DD-WRT project catches up, I suggest anyone using that router firmware consider disabling Bash for the time being and stick with BB.
    Also, as another aside, ArchArm has this fix in place now and is safely running on my Raspberry Pi.   
    I did kill the ssh service on the Windows Box that let me into bash via Cygwin.  Cygwin Bash is vulnerable as of when I began this post.
    Last edited by ewaller (2014-09-25 18:26:18)

  • Bash patch did not fix vulnerability CVE-2014-7169, please fix

    The latest patch for Bash bug that I just installed for Mavericks took care of the CVE-2014-6172 vulnerability though from my testing CVE-2014-7169 is still vulnerable.  Please fix all Bash vulnerabilities soon.

    Apple is on record as saying:
    "The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."
    You do not appear to be running any of these advanced UNIX services, so can you tell us exactly what your concern is?
    Also, my testing shows that CVE-2014-7169 is fixed by using this test:
    env X='() { (a)=>\' sh -c "echo date"; cat echo; rm ./echo
    Did you forget to delete the file "echo" from your home folder by any chance?

  • Is this product have shell shock (CVE-2014-6271) vulnerability

    There is a worldwide shell shock (CVE-2014-6271) vulnerability. Is there any impact on Firefox versions? If yes, what are the versions affected by this? And what are the plans to deliver fixes for this vulnerability from Firefox?

    Correct, in response to the escalation tag, I confirmed with the security team that this has nothing to do with Firefox.
    It was warned that the bash shellshock was more of a worry. However there [cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568] and [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html]

  • Windows Server 2008 CVE-2014-8730 vulnerability

    We've received our monthly vulnerability scan results on our production servers running Windows Server 2008 R2.
    They are showing vulnerability to TLS POODLE, which is the subject of CVE-2014-8730.
    In this article on Qualys, there is mention that Windows Server 2008 is vulnerable but Microsoft have not taken any action yet:
    https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
    Microsoft - We've seen reports that some older platforms (e.g., Windows 2008) appear vulnerable, but no apparent patterns or reliable information so far.
    Is there any update on this issue as it's an exploitable vulnerability we would like to remediate.
    Thanks,
    Lyndon.

    Hi Vivian,
    The article cited is about a different issue.
    In October 2014 there was an SSL v3 POODLE vulnerability, we have resolved this issue by disabling SSL v3 (as recommended).
    The article your posted specifically references that issue (the article was published in October 2014).
    In December 2014 there was another POODLE vulnerability announced that affected the TLS protocol.
    A lot of major vendors have published patches for this issue, but Microsoft are yet to do so (as far as I know).
    Hence my original question, which has not been answered yet.
    Regards,
    Lyndon.
