Vulnerability in Multiple Cisco Products

Number: AV10-024
Date: 29 July 2010

Purpose

The purpose of this advisory is to raise awareness of a vulnerability in multiple Cisco products.

Assessment

An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol, which could impact Cisco products that use versions of TLS and SSL. The vulnerability lies in how the protocol handles session renegotiation. It exposes users to a potential man-in-the-middle attack in which data and information could be manipulated.

Affected Products:

  • Cisco ACE 4700 Series Application Control Engine Appliances
  • Cisco ACE Application Control Engine Module
  • Cisco ACE GSS 4400 Series Global Site Selector Appliances
  • Cisco ACE Web Application Firewall
  • Cisco Wireless Control System
  • Cisco Wireless LAN Controller (WLC)
  • Cisco Wireless Location Appliance
  • Cisco CiscoWorks Wireless LAN Solution Engine (WLSE)
  • Cisco Digital Media Player
  • Cisco Digital Media Manager
  • Cisco Access Control Server (ACS)
  • Cisco CiscoWorks Common Services
  • Cisco Telepresence Recording Server
  • Cisco NX-OS Software
  • Cisco Video Surveillance Operations Manager Software
  • Cisco Video Surveillance Media Server Software
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
  • Cisco AVS 3120 and 3180 Series Application Velocity System
  • Cisco CSS 11500 Series Content Services Switches
  • Cisco Content Switching Module (CSM)
  • Cisco Wide Area Application Services (WAAS)
  • Cisco Application Networking Manager (ANM)
  • Cisco Unified IP Phones
  • Cisco ONS 15500 Series
  • Cisco Unified Contact Center Products
  • Cisco Security Agent (CSA)
  • Cisco IP Communicator
  • Cisco Network Registrar
  • Cisco Unified Communications Manager (CallManager)
  • Cisco Network Analysis Module Software (NAM)
  • Cisco IronPort's Email Security Appliance (X-Series & C-Series)
  • Cisco Spam & Virus Blocker (B-Series)
  • Cisco IronPort Web Security Appliance (S-Series)
  • Cisco IronPort Security Management Appliance (M-Series)
  • Cisco IronPort Encryption Appliance (IEA)
  • Cisco Pix

Suggested action

Cisco has released a fix for this vulnerability. CCIRC recommends that administrators test and deploy these updates at the earliest opportunity.

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

References:

http://www.vupen.com/english/advisories/2010/1942
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca