Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2017-3732

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

SeverityMEDIUM
CVSS5.9
CWECWE-200
KEV
Published
Modified

Related Products

Product Advisory Evidence
UCS B-Series Blade Server Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Webex Meetings cisco-sa-20170130-openssl Cisco OpenVuln
Cisco WebEx Meetings Server cisco-sa-20170130-openssl Cisco OpenVuln
Cisco WebEx Meeting Center cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Video Surveillance Media Server Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unity Connection cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unity cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unified Intelligence Center cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unified IP Phone 8945 cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unified Contact Center Express cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unified Contact Center cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Unified Attendant Console cisco-sa-20170130-openssl Cisco OpenVuln
Cisco UCS Director cisco-sa-20170130-openssl Cisco OpenVuln
Cisco UCS B-Series Blade Server Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Telepresence Conductor cisco-sa-20170130-openssl Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco TelePresence cisco-sa-20170130-openssl Cisco OpenVuln
Cisco SocialMiner cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Secure Email and Web Manager cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Secure Email cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Performance Manager cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Optical cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Network Registrar cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Network cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime License Manager cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Infrastructure cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime IP Express cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Data Center Network Manager (DCNM) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Collaboration Deployment cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Collaboration Assurance cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Collaboration cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Prime Access Registrar cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Nexus 3000 Series Switch cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Nexus 1000V InterCloud for VMware cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Network Analysis Module (NAM) Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Mobility Services Engine cisco-sa-20170130-openssl Cisco OpenVuln
Cisco MediaSense cisco-sa-20170130-openssl Cisco OpenVuln
Cisco MATE Live cisco-sa-20170130-openssl Cisco OpenVuln
Cisco MATE Design cisco-sa-20170130-openssl Cisco OpenVuln
Cisco MATE Collector cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Jabber for Windows cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Jabber for Mac cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Jabber Software Development Kit cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Jabber Guest cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Jabber cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Identity Services Engine Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IP phone cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IP Phone 8800 Series Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IP Phone 7800 Series cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IOS XR Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IOS XE Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco IOS cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Hosted Collaboration Mediation Fulfillment cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Firepower System Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Finesse cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Expressway cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Emergency Responder cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Email Security Appliance (ESA) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Digital Media Player Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Content Security Management Appliance (SMA) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Connected Grid Network Management System (CG-NMS) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Application Policy Infrastructure Controller (APIC) cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Agent Desktop cisco-sa-20170130-openssl Cisco OpenVuln
Cisco ATA 187 Analog Telephone Adaptor cisco-sa-20170130-openssl Cisco OpenVuln
Cisco ASR 5000 Series Software cisco-sa-20170130-openssl Cisco OpenVuln
Cisco Catalyst 9600 Series Switches cisco-sa-20170130-openssl Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches cisco-sa-20170130-openssl Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches cisco-sa-20170130-openssl Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches cisco-sa-20170130-openssl Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches cisco-sa-20170130-openssl Cisco OpenVuln · software-dependent