Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2016-7055

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.

SeverityMEDIUM
CVSS5.9
CWENVD-CWE-noinfo
KEV
Published
Modified

Related Products

Product Advisory Evidence
Plug-in for OpenFlow cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Wide Area Application Services (WAAS) cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Webex Meetings cisco-sa-20161114-openssl Cisco OpenVuln
Cisco WebEx Meetings Server cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Videoscape Control Suite cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Video Surveillance Media Server Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unity Connection cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unity cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unified Workforce Optimization Quality Management cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unified Contact Center Enterprise cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unified Contact Center cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Unified Attendant Console cisco-sa-20161114-openssl Cisco OpenVuln
Cisco UCS Director cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Telepresence Conductor cisco-sa-20161114-openssl Cisco OpenVuln
Cisco TelePresence cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Security Manager cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Secure Email and Web Manager cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Secure Email cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Prime Network Registrar cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Prime Network cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Prime IP Express cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Plug-in for OpenFlow cisco-sa-20161114-openssl Cisco OpenVuln
Cisco ONS 15454 System Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Network Analysis Module (NAM) Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Jabber for Mac cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Jabber Software Development Kit cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Jabber IM for Android cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Jabber cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Identity Services Engine Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco IOS XR Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco IOS cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Firepower System Software cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Content Security Management Appliance (SMA) cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Connected Grid Network Management System (CG-NMS) cisco-sa-20161114-openssl Cisco OpenVuln
Cisco Application Policy Infrastructure Controller (APIC) cisco-sa-20161114-openssl Cisco OpenVuln