
OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability

Cisco-SA-20140408-CVE-2014-0160 · Medium · Published · Updated

A vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL used in multiple Cisco products could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling of the TLS heartbeat extension.

An attacker could exploit this vulnerability by implementing a malicious TLS or DTLS client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. The attacker could then send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.

Functional code that exploits this vulnerability is available as part of the Metasploit framework. OpenSSL has confirmed the vulnerability and released software updates.

An attacker could exploit this vulnerability to access memory from an application that uses an affected version of OpenSSL in chunks of 64k; repeated exploitation could allow the attacker to retrieve additional memory and further sensitive information. However, widespread attacks have not been detected or reported.

A secondary impact of the vulnerability, the compromise of certificate secret key information, could allow attackers to decrypt captured network traffic, whether stored or in transit. Attackers also require a privileged position in the network to capture network traffic, which increases the difficulty of leveraging information gained from exploits against the vulnerability. If sites are using SSL certificates for authentication, attackers could use stolen secret keys to impersonate a trusted host, possibly for use as part of phishing or spoofing attacks.

CVSS temporal scoring metrics on this vulnerability reflect software products affected by the vulnerability that have no available software updates. Products with available software updates have a reduced temporal score.
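The missing bounds check described above, as an added C example (not Cisco's or OpenSSL's code): a heartbeat handler that compares the sender's claimed payload length with the bytes actually received before echoing anything back. The message layout follows RFC 6520; the function names and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* RFC 6520 heartbeat_request */
#define HB_RESPONSE 2   /* RFC 6520 heartbeat_response */
#define HB_MIN_PAD  16  /* minimum padding length required by RFC 6520 */

/* Payload length the sender claims (bytes 1-2, big-endian). Copying this many
 * bytes without comparing it to the record length reads beyond the record. */
static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Returns the response length, or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Check 1: type, length field and minimum padding must fit in the record. */
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t payload = hb_claimed_len(rec);
    size_t msg_len = 1 + 2 + payload + HB_MIN_PAD;
    /* Check 2: the claimed payload must lie inside the bytes actually received. */
    if (msg_len > rec_len || msg_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);        /* echo only received bytes */
    memset(out + 3 + payload, 0, HB_MIN_PAD); /* zeros for a deterministic example; real stacks use random padding */
    return msg_len;
}

int main(void)
{
    /* Constructed samples: a well-formed request, and one whose length field (0x4000) exceeds the record. */
    uint8_t ok[3 + 4 + HB_MIN_PAD]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[3 + 4 + HB_MIN_PAD] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};
    uint8_t out[64];
    printf("ok:  claimed=%zu response=%zu\n", hb_claimed_len(ok), hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("bad: claimed=%zu response=%zu\n", hb_claimed_len(bad), hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

A response length of 0 means the record is dropped without a reply, so a length field that overstates the payload never causes memory outside the received record to be read.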


Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider disabling OpenSSL heartbeat support by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators are advised to monitor affected systems.

CVEs: CVE-2014-0160
Cisco Bug IDs: CSCuo17488
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C)
Product Names From Source
Cisco AnyConnect Secure Mobility Client, Cisco TelePresence Video Communication Server (VCS), Cisco Desktop Collaboration Experience DX650 Software, Cisco Unified IP Phones 9900 Series Firmware, Cisco Unified IP Phone 8945

Related Products

Product | CVE | Evidence
Cisco Unified IP Phones 9900 Series Firmware | CVE-2014-0160 | Cisco OpenVuln
Cisco Unified IP Phone 8945 | CVE-2014-0160 | Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) | CVE-2014-0160 | Cisco OpenVuln
Cisco TelePresence | CVE-2014-0160 | Cisco OpenVuln
Cisco Desktop Collaboration Experience DX650 Software | CVE-2014-0160 | Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client | CVE-2014-0160 | Cisco OpenVuln