Product : Cisco SCA 11000 Series Secure Content Accelerator Product URL : http://www.cisco.com/warp/customer/cc/pd/cxsr/ps2083/ CVE : CAN-2002-0656 Software release: All current releases Vendor status : PSIRT and TAC notified 2002/09/17, last update 2002/09/24 Patch status : No patch available Attempts to exploit the vulnerability described in CAN-2002-0656 cause the SCA 11000 (all tested software releases) to spontaneously reboot, resulting in at least a denial of service. This product incorporates code from an older OpenSSL release, and thus shares the same vulnerability. There is no known means to work around this issue, short of disabling SSL services on the system. Cisco's Secure Content Accelerator is closely related to SonicWall's SSL offloader product. The SonicWall product was also vulnerable, and a statement and fix were issued promptly: http://www.sonicwall.com/support/security_advisories/security_advisory-openSSL.html No official fix is as yet available from Cisco for this issue, and no advisory has been released. Impact is likely equivalent to impact on the SonicWall product. Cisco PSIRT publishes advisories here: http://www.cisco.com/warp/public/707/advisory.html -- - mdz
