Vulnslist

SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability

Cisco-SA-20141211-CVE-2014-8730 · Medium · Published · Updated

A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the vulnerability to perform a "padding oracle" side-channel attack on the cryptographic message. A successful exploit could allow the attacker to access sensitive information.

Consult the bug release note for additional information about affected products and configurations. F5 Networks has confirmed the vulnerability in a security advisory and released software updates.

Attacks exploiting this vulnerability are identified as Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks, which could be used to disclose HTTP cookies or other HTTP authorization content that is being transmitted over a TLSv1.x secure session. This issue should not be confused with CVE-2014-3566, as described in Cisco Alert 36084. Note that "oracle" does not refer to the software company of the same name, but to a term used in cryptography.

To exploit the vulnerability, the attacker may require access to a trusted, internal network to perform man-in-the-middle attacks on a targeted system. This access requirement limits the likelihood of a successful exploit.
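The padding flaw described above comes down to how a receiver validates the trailing bytes of a decrypted CBC record. The following is an added illustration, not code from Cisco, F5 or any affected product: it contrasts a check that trusts only the final length byte with the TLS rule that every padding byte must equal the padding length. Function names and the sample record are constructed, and the record MAC is omitted because only the padding layout matters here.

```python
BLOCK = 16  # AES block size in bytes
SAMPLE = b"Cookie: sid=constructed"  # constructed plaintext, not real traffic


def tls_pad(data: bytes) -> bytes:
    """Pad the way a TLS sender does: pad_len bytes plus a length byte, all == pad_len."""
    pad_len = -(len(data) + 1) % BLOCK
    return data + bytes([pad_len]) * (pad_len + 1)


def lax_padding_ok(plaintext: bytes) -> bool:
    """Flawed receiver: looks only at the final padding_length byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    return plaintext[-1] + 1 <= len(plaintext)


def strict_padding_ok(plaintext: bytes) -> bool:
    """TLS receiver: every padding byte must equal padding_length."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    diff = 0
    # Accumulate mismatches rather than returning at the first bad byte.
    for b in plaintext[-(pad_len + 1):]:
        diff |= b ^ pad_len
    return diff == 0


def corrupt_padding(record: bytes) -> bytes:
    """Flip the first padding byte, leaving the length byte intact (needs pad_len > 0)."""
    i = len(record) - 1 - record[-1]
    return record[:i] + bytes([record[i] ^ 0xFF]) + record[i + 1:]


def compare(record: bytes) -> dict:
    """Report how each receiver treats the same decrypted record."""
    return {"lax": lax_padding_ok(record), "strict": strict_padding_ok(record)}


if __name__ == "__main__":
    good = tls_pad(SAMPLE)
    print("well-formed:", compare(good))
    print("altered padding:", compare(corrupt_padding(good)))
```

A receiver that behaves like `lax_padding_ok` accepts records whose padding content was altered in transit, which is the condition the advisory describes; AEAD suites remove CBC padding from the record format entirely.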

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators and developers are advised to configure applications to require a minimum of TLS 1.2 with an AEAD cipher for secure communication.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to apply Snort SID 32758 to help prevent attacks that attempt to exploit the vulnerability.

Administrators are advised to monitor affected systems.
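For the workaround above that calls for a minimum of TLS 1.2 with an AEAD cipher, the following added example (not taken from the advisory or from any Cisco product) builds a server-side context with Python's standard `ssl` module and audits the enabled suites. The cipher string is ordinary OpenSSL cipher-list syntax chosen for this illustration, and the legacy suite list is constructed.

```python
import ssl

# Substrings that mark AEAD suites in OpenSSL suite names.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

# Constructed example of a legacy suite list that still contains CBC suites.
LEGACY_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "AES256-SHA",
]


def is_aead(suite_name: str) -> bool:
    """True when the suite name denotes an AEAD cipher (no CBC padding)."""
    return any(marker in suite_name for marker in AEAD_MARKERS)


def non_aead_names(names) -> list:
    """Return the suites in a list that would still use CBC or other non-AEAD modes."""
    return sorted(n for n in names if not is_aead(n))


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses anything below TLS 1.2 and offers AEAD suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Applies to TLS 1.2; TLS 1.3 suites are AEAD by definition.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx


def non_aead_suites(ctx: ssl.SSLContext) -> list:
    """Audit a live context: list every enabled suite that is not AEAD."""
    return non_aead_names(c["name"] for c in ctx.get_ciphers())


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("minimum version:", ctx.minimum_version.name)
    print("non-AEAD suites enabled:", non_aead_suites(ctx))
    print("legacy list would expose:", non_aead_names(LEGACY_SUITES))
```

The context still needs a certificate loaded with `load_cert_chain` before it can serve connections; the audit function can be run against any existing `SSLContext` to confirm no CBC suite remains enabled.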

CVEs: CVE-2014-3566, CVE-2014-8730
Cisco Bug IDs: CSCus08101, CSCus09311, CSCus17354, CSCus17986, CSCus94884
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)
Product Names From Source
Cisco IOS, Cisco ACE Application Control Engine Module, Cisco ASR 5000 Series Software, Cisco Adaptive Security Appliance (ASA) Software 7.0.1, Cisco Adaptive Security Appliance (ASA) Software 7.0.1.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.4.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.3, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.1, Cisco Adaptive Security Appliance (ASA) Software 7.0.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.7, Cisco Adaptive Security Appliance (ASA) Software 7.0.6, Cisco Adaptive Security Appliance (ASA) Software 7.0.5, Cisco Adaptive Security Appliance (ASA) Software 7.0.5.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.18, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.22, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.26, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.29, Cisco Adaptive Security Appliance (ASA) Software 7.0.6.32, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.4, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.9, Cisco Adaptive Security Appliance (ASA) Software 7.0.7.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.2, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.8, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.12, Cisco Adaptive Security Appliance (ASA) Software 7.0.8.13, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.61, Cisco Adaptive Security Appliance (ASA) Software 7.1.2, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.81, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.64, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.72, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.16, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.20, 
Cisco Adaptive Security Appliance (ASA) Software 7.1.2.24, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.28, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.38, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.42, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.46, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.49, Cisco Adaptive Security Appliance (ASA) Software 7.1.2.53, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.34, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.1, Cisco Adaptive Security Appliance (ASA) Software 7.2.2, Cisco Adaptive Security Appliance (ASA) Software 7.2.4, Cisco Adaptive Security Appliance (ASA) Software 7.2.3, Cisco Adaptive Security Appliance (ASA) Software 7.2.1, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.27, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.30, Cisco Adaptive Security Appliance (ASA) Software 7.2.5, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.33, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.9, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.13, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.19, Cisco Adaptive Security Appliance (ASA) Software 7.2.1.24, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.6, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.10, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.14, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.18, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.19, Cisco Adaptive Security Appliance (ASA) Software 7.2.2.22, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.12, Cisco Adaptive Security Appliance (ASA) Software 7.2.3.16, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.6, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.9, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.18, Cisco Adaptive Security Appliance (ASA) Software 7.2.4.25, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.2, Cisco Adaptive 
Security Appliance (ASA) Software 7.2.5.4, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.7, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.8, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.10, Cisco Adaptive Security Appliance (ASA) Software 7.2.5.12, Cisco Adaptive Security Appliance (ASA) Software 8.0.2.11, Cisco Adaptive Security Appliance (ASA) Software 8.0.4, Cisco Adaptive Security Appliance (ASA) Software 8.0.3, Cisco Adaptive Security Appliance (ASA) Software 8.0.2, Cisco Adaptive Security Appliance (ASA) Software 8.0.1.2, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.25, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.28, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.33, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.32, Cisco Adaptive Security Appliance (ASA) Software 8.0.5, Cisco Adaptive Security Appliance (ASA) Software 8.0.2.15, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.6, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.12, Cisco Adaptive Security Appliance (ASA) Software 8.0.3.19, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.9, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.16, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.23, Cisco Adaptive Security Appliance (ASA) Software 8.0.4.31, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.20, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.23, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.25, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.27, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.28, Cisco Adaptive Security Appliance (ASA) Software 8.0.5.31, Cisco Adaptive Security Appliance (ASA) Software 8.2.0.45, Cisco Adaptive Security Appliance (ASA) Software 8.2.1, Cisco Adaptive Security Appliance (ASA) Software 8.2.2, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.10, Cisco Adaptive Security Appliance 
(ASA) Software 8.2.3, Cisco Adaptive Security Appliance (ASA) Software 8.2.4, Cisco Adaptive Security Appliance (ASA) Software 8.2.1.11, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.9, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.12, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.16, Cisco Adaptive Security Appliance (ASA) Software 8.2.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.2.4.4, Cisco Adaptive Security Appliance (ASA) Software 8.2.5, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.13, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.22, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.26, Cisco Adaptive Security Appliance (ASA) Software 8.2.2.17, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.33, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.40, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.41, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.46, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.48, Cisco Adaptive Security Appliance (ASA) Software 8.2.5.50, Cisco Adaptive Security Appliance (ASA) Software 8.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.1.2, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.15, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.16, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.19, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.23, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.24, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.50, Cisco Adaptive Security Appliance (ASA) Software 8.1.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.13, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.49, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.55, Cisco Adaptive Security Appliance (ASA) Software 8.1.2.56, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.3.1, Cisco Adaptive Security Appliance (ASA) Software 
8.3.2, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.23, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.25, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.4, Cisco Adaptive Security Appliance (ASA) Software 8.3.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.4, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.13, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.31, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.33, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.34, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.37, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.39, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.40, Cisco Adaptive Security Appliance (ASA) Software 8.3.2.41, Cisco Adaptive Security Appliance (ASA) Software 8.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.2, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.1.11, Cisco Adaptive Security Appliance (ASA) Software 8.4.2.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.8, Cisco Adaptive Security Appliance (ASA) Software 8.4.3.9, Cisco Adaptive Security Appliance (ASA) Software 8.4.4, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.5, Cisco Adaptive Security Appliance (ASA) Software 8.4.4.9, Cisco Adaptive Security Appliance (ASA) Software 8.4.5, Cisco Adaptive Security Appliance (ASA) Software 8.4.5.6, Cisco Adaptive Security Appliance (ASA) Software 8.4.6, Cisco Adaptive Security Appliance (ASA) Software 8.4.2.1, Cisco Adaptive Security Appliance (ASA) Software 8.4.7, Cisco Adaptive Security Appliance (ASA) Software 8.4.7.3, Cisco Adaptive Security Appliance (ASA) Software 8.4.7.15, Cisco Adaptive Security Appliance (ASA) Software 8.4.7.22, Cisco Adaptive 
Security Appliance (ASA) Software 8.4.7.23, Cisco Adaptive Security Appliance (ASA) Software 8.5.1, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.6, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.7, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.14, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.17, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.18, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.19, Cisco Adaptive Security Appliance (ASA) Software 8.5.1.21, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.6.1, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.2, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.5, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.10, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.12, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.13, Cisco Adaptive Security Appliance (ASA) Software 8.6.1.14, Cisco Adaptive Security Appliance (ASA) Software 8.7.1, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.1, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.3, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.4, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.7, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.8, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.11, Cisco Adaptive Security Appliance (ASA) Software 8.7.1.13, Cisco Adaptive Security Appliance (ASA) Software 9.0.1, Cisco Adaptive Security Appliance (ASA) Software 9.0.2, Cisco Adaptive Security Appliance (ASA) Software 9.0.2.10, Cisco Adaptive Security Appliance (ASA) Software 9.0.3, Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6, Cisco Adaptive Security Appliance (ASA) Software 9.0.3.8, Cisco Adaptive Security Appliance (ASA) Software 9.0.4, Cisco Adaptive Security Appliance (ASA) Software 9.0.4.1, Cisco Adaptive Security Appliance (ASA) 
Software 9.0.4.5, Cisco Adaptive Security Appliance (ASA) Software 9.0.4.17, Cisco Adaptive Security Appliance (ASA) Software 9.0.4.20, Cisco Adaptive Security Appliance (ASA) Software 9.0.4.24, Cisco Adaptive Security Appliance (ASA) Software 9.0.4.7, Cisco Adaptive Security Appliance (ASA) Software 9.1.1, Cisco Adaptive Security Appliance (ASA) Software 9.1.1.4, Cisco Adaptive Security Appliance (ASA) Software 9.1.2, Cisco Adaptive Security Appliance (ASA) Software 9.1.3, Cisco Adaptive Security Appliance (ASA) Software 9.1.2.8, Cisco Adaptive Security Appliance (ASA) Software 9.1.3.2, Cisco Adaptive Security Appliance (ASA) Software 9.1.4, Cisco Adaptive Security Appliance (ASA) Software 9.1.4.5, Cisco Adaptive Security Appliance (ASA) Software 9.1.5, Cisco Adaptive Security Appliance (ASA) Software 9.1.5.10, Cisco Adaptive Security Appliance (ASA) Software 9.1.5.12, Cisco Adaptive Security Appliance (ASA) Software 9.1.5.15, Cisco Adaptive Security Appliance (ASA) Software 9.2.1, Cisco Adaptive Security Appliance (ASA) Software 9.2.2, Cisco Adaptive Security Appliance (ASA) Software 9.2.2.4, Cisco Adaptive Security Appliance (ASA) Software 9.2.2.7, Cisco Adaptive Security Appliance (ASA) Software 9.2.3, Cisco Adaptive Security Appliance (ASA) Software 9.2.2.8, Cisco Adaptive Security Appliance (ASA) Software 9.3.1, Cisco Adaptive Security Appliance (ASA) Software 9.3.1.1, Cisco Adaptive Security Appliance (ASA) Software 9.3.2, Cisco Adaptive Security Appliance (ASA) Software

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco IOS | CVE-2014-3566 | Cisco OpenVuln |
| Cisco IOS | CVE-2014-8730 | Cisco OpenVuln |
| Cisco Adaptive Security Appliance (ASA) Software | CVE-2014-3566 | Cisco OpenVuln |
| Cisco Adaptive Security Appliance (ASA) Software | CVE-2014-8730 | Cisco OpenVuln |
| Cisco ASR 5000 Series Software | CVE-2014-3566 | Cisco OpenVuln |
| Cisco ASR 5000 Series Software | CVE-2014-8730 | Cisco OpenVuln |
| Cisco ACE Application Control Engine Module | CVE-2014-3566 | Cisco OpenVuln |
| Cisco ACE Application Control Engine Module | CVE-2014-8730 | Cisco OpenVuln |