Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities

Cisco-SA-20051012-CVE-2005-2969 · Medium · Published · Updated

OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions. The first vulnerability (CVE-2005-2969) affects any application using a SL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior.  If these implementations have options designed to mitigate third party bugs enabled, a remote attacker conducting a man-in-the-middle attack could force connections between the hosts to use the 2.0 version of the SSL protocol.  A known cryptographic weaknesses exists in the SSL 2.0 protocol. The second vulnerability (CVE-2005-2946) exists in the default configuration of OpenSSL versions prior to 0.9.8a.  This configuration creates message digests using MD5.  Weaknesses in the cryptographic algorithm could allow a remote attacker to forge certificates with valid certificate authority signatures. OpenSSL confirmed this vulnerability in a security advisory and released updates. Attackers are unlikely to exploit these vulnerabilities due to the man-in-the-middle attack vector.  Such attacks are very difficult to perform due to the requirement of intercepting and modifying traffic between two hosts in real time.  Man-in-the-middle attack are typically only useable by an attacker with physical access to the devices or connections between a customer and service provider. There have been a number of demonstrations recently of weaknesses in the MD5 algorithm.  While MD5 is technically broken, it is not insecure.  It is unlikely that an attacker could successfully create an MD5 collision for use in signing a fake certificate. Administrators should not take particular concern with either of these issues.  Administrators may consider waiting to update productions systems until full testing of the updated version is complete.  If concern of these issues does arise, administrators may consider removing the IE 3.x compatibility flag.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate update.

Administrators are advised to disable the 2.0 version of the SSL protocol in OpenSSL applications.

Administrators may consider removing the affected flags to mitigate the SSL rollback vulnerability.

CVEsCVE-2005-2946, CVE-2005-2969
Cisco Bug IDsNA
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:M/C:P/I:P/A:N/E:U/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco PIX Firewall Software, Cisco GSS Global Site Selector, CiscoWorks Common Services (CS), Cisco IOS XR Software, Cisco Mainframe Channel Connection, Cisco Wireless Control System (WCS) Software, Cisco Adaptive Security Appliance (ASA) Software 7.0.1, Cisco Adaptive Security Appliance (ASA) Software 7.0.1.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.3, Cisco Adaptive Security Appliance (ASA) Software

Related Products

Product CVE Evidence
CiscoWorks Common Services (CS) CVE-2005-2946 Cisco OpenVuln
CiscoWorks Common Services (CS) CVE-2005-2969 Cisco OpenVuln
Cisco Wireless Control System (WCS) Software CVE-2005-2946 Cisco OpenVuln
Cisco Wireless Control System (WCS) Software CVE-2005-2969 Cisco OpenVuln
Cisco PIX Firewall Software CVE-2005-2946 Cisco OpenVuln
Cisco PIX Firewall Software CVE-2005-2969 Cisco OpenVuln
Cisco PIX Firewall CVE-2005-2946 Cisco OpenVuln
Cisco PIX Firewall CVE-2005-2969 Cisco OpenVuln
Cisco Mainframe Channel Connection CVE-2005-2946 Cisco OpenVuln
Cisco Mainframe Channel Connection CVE-2005-2969 Cisco OpenVuln
Cisco IOS XR Software CVE-2005-2946 Cisco OpenVuln
Cisco IOS XR Software CVE-2005-2969 Cisco OpenVuln
Cisco IOS CVE-2005-2946 Cisco OpenVuln
Cisco IOS CVE-2005-2969 Cisco OpenVuln
Cisco GSS Global Site Selector CVE-2005-2946 Cisco OpenVuln
Cisco GSS Global Site Selector CVE-2005-2969 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software CVE-2005-2946 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software CVE-2005-2969 Cisco OpenVuln