Summary
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.
DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.
To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Affected Products
Cisco is currently investigating its product line to determine which products may be affected by these vulnerabilities and the impact on each affected product. As the investigation progresses, this document will be updated to include Cisco bug IDs for each affected product. The bugs will be accessible through the Cisco Bug Search Tool and will contain additional platform-specific information, including workarounds (if available) and fixed software versions.
The following products are under active investigation to determine whether they are affected by the vulnerabilities that are described in this advisory.
Products Under Investigation
Unified Computing
- Cisco UCS Invicta Series Solid State Systems
Cisco Hosted Services
- Cisco UCS Invicta Series Autosupport Portal
Vulnerable Products
The following table lists Cisco products that are affected by one or more vulnerabilities described in this advisory.
Important: In the following table, an asterisk (*) after the product name indicates a Cisco product that is vulnerable to the DROWN attack. At the time of this publication, 25 Cisco products are known to be vulnerable to the DROWN attack.
Product | Cisco Bug ID | Fixed Release Availability
Collaboration and Social Media
Cisco MeetingPlace | CSCuy54660 |
Cisco SocialMiner | CSCuy74298 |
Cisco WebEx Meetings Server versions 1.x | CSCuy54463 | 2.6.2 (15-Apr-2016)
Cisco WebEx Meetings Server versions 2.x | CSCuy54463 | 2.6.2 (15-Apr-2016)
Cisco WebEx Node for MCS | CSCuy54457 |
Endpoint Clients and Client Software
Cisco Agent for OpenFlow | CSCuy54595 |
Cisco AnyConnect Secure Mobility Client for Android | CSCuy54599 |
Cisco AnyConnect Secure Mobility Client for Android | CSCuy54600 |
Cisco AnyConnect Secure Mobility Client for Linux | CSCuy54599 |
Cisco AnyConnect Secure Mobility Client for OS X | CSCuy54599 |
Cisco AnyConnect Secure Mobility Client for Windows | CSCuy54599 |
Cisco AnyConnect Secure Mobility Client for iOS | CSCuy54599 |
Cisco Jabber Guest 10.0(2) | CSCuy54659 |
Cisco Jabber Software Development Kit | CSCuy54657 |
Cisco Jabber for Android | CSCuy54676 |
Cisco Jabber for Mac | CSCuy59818 | 11.6 (23-Mar-2016); 11.7 (23-Mar-2016)
Cisco Jabber for Windows | CSCuy62564 |
Cisco MMP server | CSCuy54470 |
Cisco WebEx Meetings Client - Hosted | CSCuy54468 |
Cisco WebEx Meetings Client - On-Premises | CSCuy54461 |
Cisco WebEx Meetings for Android | CSCuy54458 |
Cisco WebEx Meetings for WP8 | CSCuy54460 |
JCF components | CSCuy56053 | 11.6 (23-Mar-2016)
WebEx Meetings Server - SSL Gateway | CSCuy54464 | 2.6.2 (15-Apr-2016)
WebEx Recording Playback Client | CSCuy54467 |
Network Application, Service, and Acceleration
Cisco ACE 30 Application Control Engine Module | CSCuy54474 |
Cisco ACE 4710 Application Control Engine (A5) | CSCuy54474 |
Cisco Application and Content Networking System (ACNS) (*) | CSCuy54560 | 5.5.41 (15-Apr-2016)
Cisco InTracer | CSCuy54435 |
Cisco Network Admission Control (NAC) | CSCuy54561 |
Cisco Visual Quality Experience Server | CSCuy54558 |
Cisco Visual Quality Experience Tools Server | CSCuy54558 |
Cisco Wide Area Application Services (WAAS) | CSCuy58094 |
Network and Content Security Devices
Cisco ASA CX and Cisco Prime Security Manager | CSCuy54575 | 9.3.4.5 (30-May-2016)
Cisco ASA Next-Generation Firewall Services | CSCuy54572 |
Cisco Adaptive Security Appliance (ASA) | CSCuy54567 |
Cisco Clean Access Manager | CSCuy54562 |
Cisco Content Security Appliance Updater Servers | CSCuy54455 |
Cisco Content Security Management Appliance (SMA) | CSCuy53668 |
Cisco Email Security Appliance (ESA) | CSCuy53654 | 10.0 (late June 2016)
Cisco FireSIGHT System Software | CSCuy54453 |
Cisco IPS (*) | CSCuy54601 | 7.1(11) Patch 2 (Aug. 2016); 7.3(05) Patch 2 (Nov 2016)
Cisco Identity Services Engine (ISE) | CSCuy54586 |
Cisco IronPort Encryption Appliance (IEA) | CSCuy54452 | No fix is expected because the product is EoL.
Cisco NAC Guest Server | CSCuy54564 |
Cisco NAC Server | CSCuy54563 |
Cisco Physical Access Control Gateway | CSCuy54579 |
Cisco Secure Access Control Server (ACS) | CSCuy54597 |
Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCuy54498 |
Cisco Web Security Appliance (WSA) | CSCuy54456 | 10.0 (late June 2016)
Network Management and Provisioning
Cisco Application Networking Manager | CSCuy54475 |
Cisco Application Policy Infrastructure Controller (APIC) | CSCuy54481 |
Cisco Cloupia Unified Infrastructure Controller | CSCuy54478 | Affected versions will be updated with 5.5 release.
Cisco Digital Media Manager | CSCuy54532 | 5.3 (28-Apr-2016); 5.3.6 (28-Apr-2016); 5.3.6(RB1) (28-Apr-2016); 5.3.6(RB2) (28-Apr-2016); 5.4 (28-Apr-2016); 5.4.1 (28-Apr-2016); 5.4.1(RB1) (28-Apr-2016); 5.4.1(RB2) (28-Apr-2016)
Cisco MATE Collector | CSCuy58728 |
Cisco MATE Design | CSCuy58728 |
Cisco MATE Live | CSCuy58728 |
Cisco Management Appliance (MAP) (*) | CSCuy54443 | Affected systems will be updated April 8, 2016.
Cisco Mobile Wireless Transport Manager | CSCuy54523 |
Cisco Multicast Manager | CSCuy54509 |
Cisco NetFlow Generation Appliance | CSCuy54519 |
Cisco Network Analysis Module | CSCuy54516 |
Cisco Packet Tracer | CSCuy54539 | 7.0 (29-Jul-2016)
Cisco Policy Suite (CPS) | CSCuy58727 | 9.1 (30-Apr-2016)
Cisco Prime Access Registrar | CSCuy54512 | 7.1 (15-Apr-2016)
Cisco Prime Collaboration Assurance | CSCuy54522 |
Cisco Prime Collaboration Deployment | CSCuy54636 |
Cisco Prime Collaboration Provisioning | CSCuy54521 | All affected versions have been updated.
Cisco Prime Data Center Network Manager (DCNM) | CSCuy54479 | 10.0(1) (April 2016)
Cisco Prime Home | CSCuy54520 |
Cisco Prime IP Express (*) | CSCuy54514 |
Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCuy54517 |
Cisco Prime Infrastructure | CSCuy54518 |
Cisco Prime LAN Management Solution (LMS - Solaris) | CSCuy54508 |
Cisco Prime License Manager | CSCuy54540 |
Cisco Prime Network Registrar (CPNR) (*) | CSCuy54510 |
Cisco Prime Network Services Controller (*) | CSCuy54525 | 3.4.2 (30-May-2016)
Cisco Prime Network | CSCuy54504 | 4.3 (July 2016)
Cisco Prime Optical for SPs | CSCuy54513 |
Cisco Prime Performance Manager | CSCuy54505 | 1.7SP4 (27-Apr-2016)
Cisco Prime Security Manager | CSCuy54569 | 9.3.4.5 (30-May-2016)
Cisco Security Manager | CSCuy54524 |
Cisco Show and Share (SnS) | CSCuy54542 |
Cisco UCS Central | CSCuy54500 |
Cisco Unified Intelligence Center (CUIC) | CSCuy74294 |
Local Collector Appliance (LCA) | CSCuy54701 |
StealthWatch FlowCollector NetFlow | |
StealthWatch FlowCollector sFlow | |
StealthWatch IDentity | |
StealthWatch Management Console (SMC) | |
StealthWatch UDP Director (formerly Flow Replicator) | |
Routing and Switching - Enterprise and Service Provider
Cisco 910 Industrial Router | CSCuy54697 | SSLv2 is disabled on IR910.
Cisco ASR 5000 Series | CSCuy54436 |
Cisco Connected Grid Router - CGOS (*) | CSCuy54477 | 16.2(00.192) (7-Apr-2016)
Cisco Connected Grid Router | CSCuy54626 | Affected systems have been upgraded.
Cisco IOS Software and Cisco IOS XE Software | CSCuy54623 |
Cisco IOS XR Software | CSCuy54527 |
Cisco MDS 9000 Series Multilayer Switches | CSCuy54488 | 7.3.1.DX (August 2016); 6.2.17 (June 2016); 7.3.1.NX (August 2016); 7.0.3.I3 (May 2016); 8.3 (November 2016)
Cisco Nexus 1000V InterCloud (*) | CSCuy54485 | 1.0.1f (21-Mar-2016); 1.0.1h4.4 (21-Mar-2016)
Cisco Nexus 1000V Series Switches (ESX) | CSCuy54492 | 5.2(1)SV3(2.0.200) (5-Apr-2016)
Cisco Nexus 3000 Series Switches | CSCuy54488 | 7.3.1.DX (August 2016); 6.2.17 (June 2016); 7.3.1.NX (August 2016); 7.0.3.I3 (May 2016); 8.3 (November 2016)
Cisco Nexus 4000 Series Blade Switches | CSCuy54603 | 4.1(2)E1(1q) (30-Jun-2016)
Cisco Nexus 5000 Series Switches | CSCuy54488 | 7.3.1.DX (August 2016); 6.2.17 (June 2016); 7.3.1.NX (August 2016); 7.0.3.I3 (May 2016); 8.3 (November 2016)
Cisco Nexus 6000 Series Switches | CSCuy54488 | 7.3.1.DX (August 2016); 6.2.17 (June 2016); 7.3.1.NX (August 2016); 7.0.3.I3 (May 2016); 8.3 (November 2016)
Cisco Nexus 7000 Series Switches | CSCuy54488 | 7.3.1.DX (August 2016); 6.2.17 (June 2016); 7.3.1.NX (August 2016); 7.0.3.I3 (May 2016); 8.3 (November 2016)
Cisco Nexus 9000 (ACI/Fabric Switch) | CSCuy54484 | 2.0.1x (June 2016)
Cisco Nexus 9000 Series (standalone, running NX-OS) | CSCuy57853 | 7.0(3)I4(1) (25-Mar-2016); 7.0(3)I4(0.42) (25-Mar-2016)
Cisco ONS 15454 Series Multiservice Provisioning Platforms (*) | CSCuy54696 |
Cisco OnePK All-in-One VM | CSCuy54577 |
Cisco Service Control Operating System | CSCuy54627 |
Routing and Switching - Small Business
Cisco Sx220 Switches | CSCuy54591 | 1.4.5.1 (May 2016)
Cisco Sx300 Switches | CSCuy54592 | 1.4.5.1 (May 2016)
Cisco Sx500 Switches | CSCuy54593 | 1.4.5.1 (May 2016)
Unified Computing
Cisco Common Services Platform Collector | CSCuy54437 | Affected systems have been updated.
Cisco Standalone Rack Server CIMC | CSCuy54501 |
Cisco Unified Computing System (Management software) | CSCuy54576 |
Cisco Unified Computing System B-Series (Blade) Servers (*) | CSCuy54499 | 2.2(3d) and later are not affected. Please upgrade to this version or later for B-Series Servers.
Cisco Virtual Security Gateway | CSCuy54497 |
Voice and Unified Communications Devices
Cisco 190 ATA Series Analog Terminal Adaptor | CSCuy54633 |
Cisco ATA 187 Analog Telephone Adaptor | CSCuy54665 |
Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCuy54639 |
Cisco Agent Desktop | CSCuy54687 |
Cisco Computer Telephony Integration Object Server (CTIOS) | CSCuy54688 |
Cisco Emergency Responder | CSCuy54646 |
Cisco Finesse | CSCuy54645 |
Cisco Hosted Collaboration Mediation Fulfillment | CSCuy54652 |
Cisco IM and Presence Service (CUPS) | CSCuy54649 |
Cisco IP Interoperability and Collaboration System (IPICS) | CSCuy54549 |
Cisco Jabber for iOS | CSCuy54655 |
Cisco MediaSense | CSCuy54668 |
Cisco Packaged Contact Center Enterprise | CSCuy54689 |
Cisco Paging Server (Informacast) | CSCuy54654 |
Cisco Paging Server | CSCuy54654 |
Cisco SPA112 2-Port Phone Adapter | CSCuy54587 |
Cisco SPA122 ATA with Router | CSCuy54587 |
Cisco SPA232D Multi-Line DECT ATA | CSCuy54587 |
Cisco SPA30X Series IP Phones | CSCuy54590 |
Cisco SPA50X Series IP Phones | CSCuy54590 |
Cisco SPA51X Series IP Phones | CSCuy54590 |
Cisco SPA525G | CSCuy54588 |
Cisco TAPI Service Provider (TSP) | CSCuy54635 |
Cisco Unified 6901 IP Phones | CSCuy54661 |
Cisco Unified 6945 IP Phones | CSCuy54666 |
Cisco Unified 7800 Series IP Phones | CSCuy54672 |
Cisco Unified 8831 Series IP Conference Phone | CSCuy54663 |
Cisco Unified 8945 IP Phone | CSCuy54662 |
Cisco Unified 8961 IP Phone | CSCuy54651 |
Cisco Unified 9951 IP Phone | CSCuy54651 |
Cisco Unified 9971 IP Phone | CSCuy54651 |
Cisco Unified Attendant Console Advanced | CSCuy54630 |
Cisco Unified Attendant Console Business Edition | CSCuy54630 |
Cisco Unified Attendant Console Department Edition | CSCuy54630 |
Cisco Unified Attendant Console Enterprise Edition | CSCuy54630 |
Cisco Unified Attendant Console Premium Edition | CSCuy54630 |
Cisco Unified Attendant Console Standard | CSCuy54631 |
Cisco Unified Communications Domain Manager | CSCuy54640 | 11.5.1 (Aug 2016)
Cisco Unified Communications Manager (UCM) | CSCuy54634 |
Cisco Unified Communications Manager Session Management Edition (SME) | CSCuy54634 |
Cisco Unified Communications for Microsoft Lync | CSCuy54641 |
Cisco Unified Contact Center Enterprise | CSCuy54688 |
Cisco Unified Contact Center Express | CSCuy74300 |
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control | CSCuy54629 |
Cisco Unified IP Phone 7900 Series | CSCuy54674 |
Cisco Unified Intelligent Contact Management Enterprise | CSCuy54688 |
Cisco Unified Wireless IP Phone | CSCuy54681 | SSLv2 is disabled.
Cisco Unified Workforce Optimization | CSCuy54680 | WFO 10.5 (31-Mar-2016); WFO 11.0 (15-Apr-2016)
Cisco Unity Connection (UC) | CSCuy54637 |
Cisco Virtualization Experience Media Engine | CSCuy54679 | 11.7 (28-Jul-2016)
Video, Streaming, TelePresence, and Transcoding Devices
Cisco AnyRes Live (CAL) | CSCuy54616 | 9.6.4 (April 2016)
Cisco DCM Series 9900-Digital Content Manager | CSCuy54502 |
Cisco Digital Media Players (DMP) 4300 Series | CSCuy54531 | 5.4(1) (10-Apr-2016)
Cisco Digital Media Players (DMP) 4400 Series | CSCuy54531 | 5.4(1) (10-Apr-2016)
Cisco Edge 300 Digital Media Player | CSCuy54698 | 1.6RB4_4 (15-Apr-2016)
Cisco Edge 340 Digital Media Player | CSCuy54700 | Affected systems will be updated by April 15, 2016.
Cisco Enterprise Content Delivery System (ECDS) | CSCuy54533 | 2.6.7 (15-Apr-2016)
Cisco Expressway Series (*) | CSCuy54547 |
Cisco Headend System Release (*) | CSCuy54611 | 1.06 (1-May-2016); 1.1.3 (1-May-2016); 2.0.10 (1-May-2016); 2.1.2 (1-May-2016); 3.0.4 (1-May-2016)
Cisco Media Experience Engines (MXE) (*) | CSCuy54538 |
Cisco Media Services Interface | CSCuy54528 |
Cisco Model D9485 DAVIC QPSK (*) | CSCuy54612 | 1.2.4 (31-Aug-2016)
Cisco TelePresence 1310 (*) | CSCuy54628 |
Cisco TelePresence Conductor | CSCuy54529 | SSLv2 is disabled in software versions XC4.0 and later.
Cisco TelePresence Content Server (TCS) | CSCuy54545 |
Cisco TelePresence ISDN GW 3241 | CSCuy54534 |
Cisco TelePresence ISDN GW MSE 8321 | CSCuy54534 |
Cisco TelePresence ISDN Link | CSCuy54535 |
Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) | CSCuy54536 |
Cisco TelePresence Serial Gateway Series | CSCuy54541 |
Cisco TelePresence Server 8710, 7010 | CSCuy54546 |
Cisco TelePresence Server on Multiparty Media 310, 320 | CSCuy54546 |
Cisco TelePresence Server on Virtual Machine | CSCuy54546 |
Cisco TelePresence Supervisor MSE 8050 | CSCuy54537 |
Cisco TelePresence System 1000 (*) | CSCuy54628 |
Cisco TelePresence System 1100 (*) | CSCuy54628 |
Cisco TelePresence System 1300 (*) | CSCuy54628 |
Cisco TelePresence System 3000 Series (*) | CSCuy54628 |
Cisco TelePresence System 500-32 (*) | CSCuy54628 |
Cisco TelePresence System 500-37 (*) | CSCuy54628 |
Cisco TelePresence TX 9000 Series (*) | CSCuy54628 |
Cisco TelePresence Video Communication Server (VCS) (*) | CSCuy54547 |
Cisco VEN501 Wireless Access Point | CSCuy54550 |
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCuy54553 | 4.3.2 (May 2016)
Cisco Video Surveillance 3000 Series IP Cameras | CSCuy54583 |
Cisco Video Surveillance 3000 Series IP Cameras | CSCuy54584 | SSLv2 is not supported.
Cisco Video Surveillance 4000 Series High-Definition IP Cameras | CSCuy54580 |
Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras | CSCuy54581 |
Cisco Video Surveillance 6000 Series IP Cameras | CSCuy54583 |
Cisco Video Surveillance 6000 Series IP Cameras | CSCuy54584 | SSLv2 is not supported.
Cisco Video Surveillance 7000 Series IP Cameras | CSCuy54583 |
Cisco Video Surveillance 7000 Series IP Cameras | CSCuy54584 | SSLv2 is not supported.
Cisco Video Surveillance Media Server | CSCuy54585 | 7.8 (1-Jul-2016)
Cisco Video Surveillance PTZ IP Cameras | CSCuy54583 |
Cisco Video Surveillance PTZ IP Cameras | CSCuy54584 | SSLv2 is not supported.
Cisco Videoscape Control Suite | CSCuy54551 | 3.6.0 (30-Apr-2016)
Cloud Object Store (COS) (*) | CSCuy54552 | 3.8.0 (30-Mar-2016)
Tandberg Codian ISDN GW 3210/3220/3240 | CSCuy54534 |
Tandberg Codian MSE 8320 model | CSCuy54534 |
Wireless
Cisco Aironet 2700 Series Access Point | CSCuy54506 |
Cisco Mobility Services Engine (MSE) | CSCuy58090 |
Cisco Wireless LAN Controller (WLC) (*) | CSCuy58091 | 8.0 (April 2016); 8.3 (May 2016)
Cisco Hosted Services
Cisco Intelligent Automation for Cloud | CSCuy54548 |
Cisco Proactive Network Operations Center | CSCuy54441 |
Cisco Registered Envelope Service (CRES) | CSCuy54451 |
Cisco Services Provisioning Platform (SPP) | CSCuy54682 |
Cisco Smart Care | CSCuy54565 |
Cisco Universal Small Cell 5000 Series running V3.4.2.x software | CSCuy54610 |
Cisco Universal Small Cell 7000 Series running V3.4.2.x software | CSCuy54610 |
Cisco Universal Small Cell usc-iuh | CSCuy54608 |
Cisco WebEx Connect client (Windows) | CSCuy54465 |
Cisco WebEx Meeting Center | CSCuy54473 |
Cisco WebEx Meetings (Meeting Center, Training Center, Event Center, Support Center) | CSCuy54472 |
Cisco WebEx Messenger Service | CSCuy54466 |
Network Health Framework (NHF) | CSCuy54702 |
Network Performance Analytics (NPA) | CSCuy54703 |
Partner Supporting Service (PSS) 1.x | CSCuy54568 |
Serial Number Assessment Service (SNAS) | CSCuy54571 |
Services Analytic Platform | CSCuy54445 |
Small Cell factory recovery root filesystem V2.99.4 or later | CSCuy54607 |
Products Confirmed Not Vulnerable
Cisco has confirmed that the vulnerabilities described in this advisory do not affect the following Cisco products.
Endpoint Clients and Client Software
- Cisco WebEx Meetings for BlackBerry
- Cisco WebEx Productivity Tools
Network and Content Security Devices
- Cisco ASA Content Security and Control (CSC) Security Services Module
Network Management and Provisioning
- Cisco Configuration Professional
- Cisco Prime LAN Management Solution (LMS - Windows and Linux)
- Cisco Prime Network Registrar IP Address Manager (IPAM)
Routing and Switching - Enterprise and Service Provider
- Cisco Broadband Access Center Telco Wireless
- Cisco IOS XE (SSL VPN feature)
Voice and Unified Communications Devices
- Cisco 7937 IP Phone
- Cisco 8800 Series IP Phones - VPN Feature
- Cisco DX Series IP Phones
- Cisco Remote Silent Monitoring
- Cisco SPA8000 8-Port IP Telephony Gateway
- Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
- Cisco Unified E-Mail Interaction Manager
- Cisco Unified SIP Proxy
- Cisco Unified Web Interaction Manager
- Cisco Virtual PGW 2200 Softswitch
- Cisco Voice Portal (CVP)
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco AnyRes VOD (CAL)
- Cisco D9859 Advanced Receiver Transcoder
- Cisco TelePresence EX Series
- Cisco TelePresence MX Series
- Cisco TelePresence Profile Series
- Cisco TelePresence SX Series
- Cisco TelePresence Integrator C Series
Cisco Hosted Services
- Cisco Cloud Web Security
- Cisco Connected Analytics For Collaboration
- Cisco One Portal
- Cisco SmartConnection
- Cisco SmartReports
- Cisco Unified Services Delivery Platform (CUSDP)
- Communication/Collaboration Sizing Tool, Virtual Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment
- Life Cycle Management Agent Manager (LCM)
Details
The names and associated Common Vulnerabilities and Exposures (CVE) IDs for the vulnerabilities that were disclosed on March 1, 2016, in the OpenSSL Software Foundation security advisory are as follows.
Multiple Vendor SSL/TLS Implementation DROWN Information Disclosure Vulnerability
A vulnerability in multiple vendor products using SSL/TLS could allow an unauthenticated, remote attacker to conduct a Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) cross-protocol attack and gain access to sensitive information.
The vulnerability is due to an implementation error in the SSLv2 protocol that could allow the use of weak Rivest, Shamir, and Adleman (RSA) cipher suites within Transport Layer Security (TLS). An attacker could exploit this vulnerability by intercepting traffic between a targeted system and a server whose RSA private key is also used by a vulnerable SSLv2 server, in order to observe and possibly decrypt one of the connections. The attacker could submit the intercepted ciphertext to the SSLv2 server and, judging by the server's responses, determine the secret keys used within the encrypted communication. An exploit could allow the attacker to decrypt the TLS session between the targeted client and the server, which the attacker could leverage to gain access to sensitive information.
This vulnerability has been assigned the following CVE ID: CVE-2016-0800
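The server-side conditions named in the Summary and in the description above (the server still answers an SSLv2 handshake, and offers the export-grade cipher suites the attack relies on) are visible in the SSLv2 SERVER-HELLO itself, so an asset owner can verify them from an inventory script. The following is an added example and not part of Cisco's advisory or of any Cisco tool; it follows the SSL 2.0 record and SERVER-HELLO layout, and the sample SERVER-HELLO bytes are constructed, not captured. Whether the SSLv2 certificate carries the same RSA key as the TLS endpoint is left to the caller, who has the TLS certificate.

```python
import socket
import struct

SSLV2_VERSION = 0x0002
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04

CIPHER_NAMES = {  # SSLv2 CIPHER-SPEC values (3 bytes each), from the SSL 2.0 spec
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}  # the 40-bit export specs


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Minimal SSLv2 CLIENT-HELLO offering every SSLv2 cipher spec."""
    specs = b"".join(CIPHER_NAMES)
    body = struct.pack(">BHHHH", MSG_CLIENT_HELLO, SSLV2_VERSION,
                       len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte header, no padding


def parse_record(data: bytes) -> bytes:
    """Strip the 2- or 3-byte SSLv2 record header and return the body."""
    if len(data) < 3:
        raise ValueError("short record")
    if data[0] & 0x80:  # high bit set: 2-byte header, no padding
        return data[2:2 + (((data[0] & 0x7F) << 8) | data[1])]
    length = ((data[0] & 0x3F) << 8) | data[1]  # 3-byte header, data[2] = padding
    return data[3:3 + length - data[2]]


def parse_server_hello(record: bytes) -> dict:
    """Decode an SSLv2 SERVER-HELLO; raise ValueError for anything else."""
    body = parse_record(record)
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        raise ValueError("not an SSLv2 SERVER-HELLO")
    _, _, _, version, cert_len, specs_len, conn_len = struct.unpack(">BBBHHHH", body[:11])
    if version != SSLV2_VERSION:
        raise ValueError(f"unexpected version 0x{version:04x}")
    cert = body[11:11 + cert_len]
    specs_raw = body[11 + cert_len:11 + cert_len + specs_len]
    conn_id = body[11 + cert_len + specs_len:11 + cert_len + specs_len + conn_len]
    if specs_len % 3 or len(conn_id) != conn_len:
        raise ValueError("truncated SERVER-HELLO")
    specs = [specs_raw[i:i + 3] for i in range(0, specs_len, 3)]
    return {
        "certificate_der": cert,  # compare its RSA key with the TLS certificate
        "cipher_specs": [CIPHER_NAMES.get(s, s.hex()) for s in specs],
        "export_ciphers": [CIPHER_NAMES[s] for s in specs if s in EXPORT_CIPHERS],
    }


def assess(reply: bytes) -> dict:
    """Report the DROWN-relevant server conditions visible in a handshake reply."""
    # A host with SSLv2 disabled closes the socket or sends a TLS alert; both
    # fail to parse as a SERVER-HELLO and are reported as sslv2=False.
    try:
        hello = parse_server_hello(reply)
    except ValueError as exc:
        return {"sslv2": False, "reason": str(exc), "export_ciphers": []}
    return {"sslv2": True, "cipher_specs": hello["cipher_specs"],
            "export_ciphers": hello["export_ciphers"],
            "certificate_der": hello["certificate_der"]}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send the CLIENT-HELLO to an endpoint you administer and assess its reply."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(reply) < 8192 and (chunk := sock.recv(4096)):
                reply += chunk
        except socket.timeout:
            pass  # a partial reply is still worth assessing
    return assess(reply)


def constructed_server_hello() -> bytes:
    """Constructed sample reply (not a capture): placeholder cert, 3 specs, 16-byte id."""
    cert = b"\x30\x82\x00\x00"  # placeholder, not a real DER certificate
    specs = b"\x01\x00\x80" b"\x02\x00\x80" b"\x07\x00\xc0"
    body = struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, SSLV2_VERSION,
                       len(cert), len(specs), 16) + cert + specs + b"\x11" * 16
    return struct.pack(">H", 0x8000 | len(body)) + body
```

`assess(constructed_server_hello())` reports `sslv2=True` with `RC4_128_EXPORT40_WITH_MD5` among the export ciphers, while a TLS alert or an empty reply comes back as `sslv2=False`; `probe(host)` runs the same assessment against a live endpoint.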
OpenSSL Bleichenbacher Protection Security Bypass Vulnerability
A vulnerability in the SSLv2 protocol implementation in OpenSSL could allow an unauthenticated, remote attacker to bypass security restrictions.
The vulnerability is due to improper implementation of the Bleichenbacher protection for export cipher suites by the affected software. An attacker could exploit this vulnerability to establish a Bleichenbacher oracle, which could aid in conducting more variants of the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack.
This vulnerability has been assigned the following CVE ID: CVE-2016-0704
OpenSSL SSLv2 master-key Recovery Information Disclosure Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper security restrictions implemented by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by intercepting the communication traffic. A successful exploit could allow an attacker to gain access to sensitive information on a targeted system.
This vulnerability has been assigned the following CVE ID: CVE-2016-0703
OpenSSL Digital Signature Algorithm Private Key Processing Double Free Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to improper parsing of malformed Digital Signature Algorithm (DSA) private keys by the affected software. An attacker could exploit this vulnerability by persuading a user of an application that uses a vulnerable version of OpenSSL to connect to an attacker-controlled server in an attempt to exchange malformed DSA private keys with the application. An exploit could cause a double free memory corruption condition that the attacker could leverage to cause a DoS condition.
This vulnerability has been assigned the following CVE ID: CVE-2016-0705
OpenSSL SRP_VBASE_get_by_user Method Memory Leak Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to improper memory handling. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious login requests to the SRP user database. A successful exploit could allow the attacker to cause a memory leak on the affected system, resulting in a DoS condition.
This vulnerability has been assigned the following CVE ID: CVE-2016-0798
OpenSSL BN_hex2bn and BN_dec2bn Functions NULL Pointer Dereference Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to improper memory operations performed by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by submitting a crafted input to be processed by the affected software. A successful exploit could allow an attacker to cause the application to stop intermittently, leading to a DoS condition.
This vulnerability has been assigned the following CVE ID: CVE-2016-0797
OpenSSL BIO_*printf Functions Out of Bounds Memory Read Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper bounds-checks performed by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by submitting a crafted input to be processed by the affected software. A successful exploit could allow an attacker to gain access to sensitive information on a targeted system.
This vulnerability has been assigned the following CVE IDs: CVE-2016-0799 and CVE-2016-2842
OpenSSL RSA Cryptographic Key Recovery Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, local attacker to gain access to sensitive information.
The vulnerability is due to improper memory management performed by the affected software. An unauthenticated, local attacker could exploit this vulnerability by injecting malicious code into the affected software. A successful exploit could allow an attacker to gain access to sensitive information on a targeted system.
This vulnerability has been assigned the following CVE ID: CVE-2016-0702
Workarounds
Any workarounds will be documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool.
Fixed Software
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.
Source
These vulnerabilities were publicly disclosed by the OpenSSL Software Foundation on March 1, 2016.
The DROWN attack was independently reported to the Cisco PSIRT by Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, Shaanan Cohney, Susanne Engels, Christof Paar and Yuval Shavitt. Cisco would like to thank them for reporting the attack and working with us to coordinate disclosure of it.
Cisco Security Procedures
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision History
Version | Description | Section | Status | Date
2.2 | Updated the list of vulnerable products. | Affected Products, Vulnerable Products | Interim | 2016-May-23
2.1 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-May-11
2.0 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-May-02
1.9 | Updated the lists of products under investigation or vulnerable. | Affected Products, Vulnerable Products | Interim | 2016-April-11
1.8 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-April-01
1.7 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-18
1.6 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-15
1.5 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-10
1.4 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-09
1.3 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-08
1.2 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-04
1.1 | Updated the lists of products under investigation, vulnerable, and not vulnerable. | Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable | Interim | 2016-March-03
1.0 | Initial public release. | — | Interim | 2016-March-02
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.