Vulnslist

find the latest Cisco vulnerabilities

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

cisco-sa-openssl-2021-GHY28dJd · High · Published · Updated

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

Cisco advisory ·CSAF JSON

Workarounds

Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.

CVEsCVE-2021-3449, CVE-2021-3450
Cisco Bug IDsNA
CVSS ScoreBase 7.4
Base 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software, Cisco Identity Services Engine Software, Cisco IoT Field Network Director (IoT-FND), Cisco Network Services Orchestrator, Cisco HyperFlex HX Data Platform, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Related Products

Product CVE Evidence
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software CVE-2021-3450 Cisco OpenVuln
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software CVE-2021-3449 Cisco OpenVuln
Cisco Network Services Orchestrator CVE-2021-3450 Cisco OpenVuln
Cisco Network Services Orchestrator CVE-2021-3449 Cisco OpenVuln
Cisco IoT Field Network Director (IoT-FND) CVE-2021-3450 Cisco OpenVuln
Cisco IoT Field Network Director (IoT-FND) CVE-2021-3449 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2021-3450 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2021-3449 Cisco OpenVuln
Cisco IOS XE Software CVE-2021-3450 Cisco OpenVuln
Cisco IOS XE Software CVE-2021-3449 Cisco OpenVuln
Cisco IOS CVE-2021-3450 Cisco OpenVuln
Cisco IOS CVE-2021-3449 Cisco OpenVuln
Cisco HyperFlex HX Data Platform CVE-2021-3450 Cisco OpenVuln
Cisco HyperFlex HX Data Platform CVE-2021-3449 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software CVE-2021-3450 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software CVE-2021-3449 Cisco OpenVuln
Cisco Catalyst 9600 Series Switches CVE-2021-3450 Cisco OpenVuln · software-dependent
Cisco Catalyst 9600 Series Switches CVE-2021-3449 Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches CVE-2021-3450 Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches CVE-2021-3449 Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches CVE-2021-3450 Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches CVE-2021-3449 Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches CVE-2021-3450 Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches CVE-2021-3449 Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches CVE-2021-3450 Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches CVE-2021-3449 Cisco OpenVuln · software-dependent