Cisco looking into OpenSSL bugs

Issues advisory on four vulnerabilities affecting multiple products

Bug bounty
flickr/Nguyen Hung Vu

Cisco published several security advisories and updates this week, most of which were classified medium severity. The most recent involves four OpenSSL vulnerabilities affecting multiple Cisco products.

The vulnerabilities were disclosed this week by the OpenSSL Project. They involve denial of service (DoS), memory leak, and cryptographic protection deficiencies.

A laundry list of Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities, the company says. They could allow an unauthenticated, remote attacker to cause a DoS condition.

Cisco says it is currently evaluating its product line to determine which products may be affected and the impact on each product. The company will release software updates that address the vulnerabilities, and says workarounds to mitigate them are not available.

Affected products will have bug fixes published here.

Cisco will update its security advisory on the condition as additional information becomes available. The company is not aware of any malicious use of the vulnerabilities.

More from Cisco Subnet:

Cisco shifting to a software model

Cisco adds programmability to Internet routers

Cisco CEO not big on spin-ins

Ex-Juniper sibs look to soften up the WAN

What's Juniper Networks to do?

Cisco, Ericsson team as industry consolidates

Users prepare for a software-driven world

Juniper disaggregates even further

PC storage waning, Cisco study finds

Cisco SDN user says just pick what you need

Follow Jim Duffy on Twitter

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)