Cisco Subnet An independent Cisco community View more

Cisco looking into OpenSSL bugs

Issues advisory on four vulnerabilities affecting multiple products

Bug bounty
Credit: flickr/Nguyen Hung Vu

Cisco published several security advisories and updates this week, most of which were classified medium severity. The most recent involves four OpenSSL vulnerabilities affecting multiple Cisco products.

The vulnerabilities were disclosed this week by the OpenSSL Project. They involve denial of service (DoS), memory leak, and cryptographic protection deficiencies.

A laundry list of Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities, the company says. They could allow an unauthenticated, remote attacker to cause a DoS condition.

Cisco says it is currently evaluating its product line to determine which products may be affected and the impact on each product. The company will release software updates that address the vulnerabilities, and says workarounds to mitigate them are not available.

Affected products will have bug fixes published here.

Cisco will update its security advisory on the condition as additional information becomes available. The company is not aware of any malicious use of the vulnerabilities.

More from Cisco Subnet:

Cisco shifting to a software model

Cisco adds programmability to Internet routers

Cisco CEO not big on spin-ins

Ex-Juniper sibs look to soften up the WAN

What's Juniper Networks to do?

Cisco, Ericsson team as industry consolidates

Users prepare for a software-driven world

Juniper disaggregates even further

PC storage waning, Cisco study finds

Cisco SDN user says just pick what you need

Follow Jim Duffy on Twitter

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.