Russian Vulnerability Scanner Database

Back to List

BDU:2015-00126

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

Уязвимость существует в OpenSSL из-за некорректного ограничения обработки сообщений ChangeCipherSpec. Эксплуатация данной уязвимости позволяет злоумышленнику, действующему по принципу “человек посередине”, спровоцировать использование пустого (нулевой длины) мастер-ключа в передаче данных OpenSSL-to-OpenSSL с последующим перехватом сессии или получением доступа к конфиденциальной информации при помощи специально сформированного TLS-квитирования (handshake). Данная уязвимость также известна под названием “Внедрение CCS”.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2014-0224

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup21571
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22522
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22532
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22544
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22563
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22587
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22590
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22652
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22663
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup22670
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCup28056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
CISCO
(CSCup28056)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup28056
CISCO
(CSCup22544)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22544
CISCO
(CSCup22532)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22532
CISCO
(CSCup21571)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup21571
CISCO
(CSCup22652)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22652
CISCO
(CSCup22522)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22522
CISCO
(CSCup22590)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22590
CISCO
(CSCup22663)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22663
CISCO
(CSCup22563)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22563
CISCO
(CSCup22670)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22670
CISCO
(CSCup22587)
:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCup22587
"

Recommendations

Source: bdu

Использование рекомендаций производителя:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

URL: https://bdu.fstec.ru/vul/2015-00126

Vulnerable Software (9)

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.5(1.21)",  "version_start_including": "8.5"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.6(1.14)",  "version_start_including": "8.6"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.7(1.12)",  "version_start_including": "8.7"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "9.0(4.16)",  "version_start_including": "9.0"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "9.2(2)",  "version_start_including": "9.2(1)"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.3(2.41)",  "version_start_including": "8.3"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.4(7.21)",  "version_start_including": "8.4"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "9.1(5.9)",  "version_start_including": "9.1"}

Source: bdu

Type: Configuration

Vendor: cisco systems inc.

Product: adaptive security appliance

Operating System: * *

Trait: 
{  "version_end_excluding": "8.2(5.50)",  "version_start_including": "8.0"}

Source: bdu