HP Cisco Catalyst Blade Switch 3020 Release Notes for the Cisco Catalyst Blade - Page 18

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Get HP Cisco Catalyst Blade Switch 3020 PDF manuals and user guides View all HP Cisco Catalyst Blade Switch 3020 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 18 highlights

Resolved Caveats Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml. A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml. • CSCsc30733 This error message no longer appears during authentication when a method list is used and one of the methods in the method list is removed: AAA-3-BADMETHODERROR:Cannot process authentication method 218959117 • CSCsd85587 A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. The vulnerable cryptographic library is used in the following Cisco products: - Cisco IOS, documented as Cisco bug ID CSCsd85587 - Cisco IOS XR, documented as Cisco bug ID CSCsg41084 - Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999 - Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348 - Cisco Firewall Service Module (FWSM) This vulnerability is also being tracked by CERT/CC as VU#754281. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml. Note Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml. Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(37)SE and Later 18 OL-12577-03

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
18
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(37)SE and Later
OL-12577-03
Resolved Caveats
Note
Another related advisory has been posted with this advisory. This additional advisory also
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is
available at the following link:
.
A combined software table for Cisco IOS is available to aid customers in choosing a software
releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is
available at the following link:
.
CSCsc30733
This error message no longer appears during authentication when a method list is used and one of
the methods in the method list is removed:
AAA-3-BADMETHODERROR:Cannot process authentication method 218959117
CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
Cisco IOS, documented as Cisco bug ID CSCsd85587
Cisco IOS XR, documented as Cisco bug ID CSCsg41084
Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
Cisco Firewall Service Module (FWSM)
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There
are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
Note
Another related advisory is posted together with this Advisory. It also describes vulnerabilities
related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is
available at
and
can be used to choose a software release which fixes all security vulnerabilities published as of
May 22, 2007. The related advisory is published at
.