-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products Advisory ID: cisco-sa-20150710-openssl Revision 1.0 For Public Release 2015 July 10 16:00 UTC (GMT) +----------------------------------------------------------------------- Summary ======= On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability may be available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVZ/llopI1I6i1Mx3AQIjRg//cvAk2pCkYKp0Y7FxagB/w5e8bgUkkWj1 K0m08whJcJE1Q2ovEzzfzi4I2gU1UxyxMAvSmC4LCCxdlf2lP63nbiPPACcPMxx3 lPSgIbyPO/HHuOT9g7TwJkJV3tXhqMOQqP3AGvlhxZA7XnxBWWwG5VZHbxki71U3 hJjbwC5saREV+nqCBUCHCffJKyfn0jTBEP8k0odkbUPwZkUrJMOqMJgcxuRl0luh 7aqsKdtiA/nsT8VXqKQz68huaC/6+LdrJS/O7qbQjCxnB6UqPUR7q1sB3+S6P1W8 SQ2MiR3ZCOyeGpRt3M5HiHPxTZQTlqexxcNumRw/n4LpXVRvChEWc3+oP0zU6ktK KnhgbVPYVA66MATryoI+iY8kiqNg06ziL49tYv3s3zfyby8QRQkQm2/K2pXLu77x 0xjMPUJ9TJNW7CYUmocJgGMQwUQIix/aTz+XKEKVbBGlQv0MMSuFS55P8nxNjY+F mORLgsOmhHN8XAu1dmftR0spNbWk8X5y2bZ4IKwM1uaaQ5UwU42Y3429LyM8E0EW A4cdKRWWOgjLcrCHNH1vEp2VtakqJBYyJhA2aVCJ9tLAsP7w8/nEocn2q1DlmWT2 dEhbm5OOZxaE8j1PlJd/MRS1fs7N04IsBI6LXFxeYVyS5FPgwjfqarFY8P4EWFGC jFNFYlGfjes= =WKtv -----END PGP SIGNATURE-----
