Cisco behebt FREAK-Bug und andere SSL-Lecks in zahlreichen Produkten
Eine lange Liste mit verschiedenen von OpenSSL-Bugs betroffenen Produkten veröffentlicht Cisco. Diese könnte aber noch länger werden, denn noch nicht alle Produkte konnten bislang überprüft werden.
Netzwerkausrüster Cisco hat ein Advisory, das zahlreiche Produkte betrifft, veröffentlicht. Neben dem bekannten Leck FREAK (CVE-2015-0204) leiden verschiedene Cisco-Produkte auch unter anderen OpenSSL-Lecks. Für einige Produkte gibt es bereits Updates. An weiteren wird derzeit noch gearbeitet und einige Produkte prüfe Cisco derzeit laut eigenen Angaben noch.
So sind Verschiedene Produkte und Produkt-Kategorien wie etwa Switches, Firewalls, Software oder auch Videokonferenzlösungen von den Lecks betroffen. Wie zum zum Beispiel der OpenFlow Agent, der Cisco WebEx-Meeting-Server 1.x und 2.x, verschiedene Client-Lösungen bei Jabber oder AnyConnect verschiedene Lösungen für Netzwerk-Management und Netzwerk-Sicherheit. Darüber hinaus sind auch die Cisco Unified Computing Systems (UCS) der C-Series und System-B-Series verwundbar. Neben dem Wireless LAN Controller sind auch Web-Services des Anbieters von den Lecks betroffen, wie etwa Network Performance Analytics oder WebEx for Android. 
In den genannten Produkten sind Man-in-the-Middle-Attacken (MitM) oder DoS-Angriffe möglich. Um die Auswirkungen eines Lecks auf ein spezielles Produkt zu erfahren verweist Cisci auf das Cisco Bug Search Tool. Hier können Anwender auch gegebenenfalls einen Workaround für ein Leck erfragen.
Produkte wie der Cisco 1000 Series Connected Grid Routers, Cisco ASA CX Context-Aware Security oder das Connected Grid Network Management System sowie zahlreiche weitere werden derzeit noch geprüft.
So hatte das OpenSSL-Projekt am 8. Januar insgesamt 8 verschiedene Sicherheitslecks in OpenSSL bekannt gegeben. Am 10. März hatte Cisco die ersten bekannten Produkte in dem Advisory gelistet, seit dem wird das Dokument weiter aktualisiert.
Die betroffenen Produkte listet Cisco in einer Übersicht auf:
| Product | Defect | Fixed releases availability |
|---|---|---|
Collaboration and Social Media |
||
| Cisco WebEx Meetings Server versions 1.x | CSCus42712 | 2.5MR2 |
| Cisco WebEx Meetings Server versions 2.x | CSCus42712 | 2.5MR2 |
Endpoint Clients and Client Software |
||
| Cisco Agent for OpenFlow | CSCus42902 | |
| Cisco AnyConnect Secure Mobility Client for Android | CSCus42726 | |
| Cisco AnyConnect Secure Mobility Client for desktop platforms | CSCus42726 | |
| Cisco AnyConnect Secure Mobility Client for iOS | CSCus42726 | 004.000(1233) |
| Cisco Jabber Software Development Kit | CSCus42945 | |
| Cisco Jabber Video for TelePresence (Movi) | CSCus42871 | |
| Cisco Jabber Voice for Android | CSCus42947 | |
| Cisco Jabber for Android | CSCus42952 | |
Network Application, Service, and Acceleration |
||
| Cisco ACE30 Application Control Engine Module | CSCus42709 | 3.0(0)A5(3.1.15) |
| Cisco NAC Manager (Clean Access Manager) | CSCus42840 | |
| Cisco Wide Area Application Services (WAAS) | CSCus42766 | |
Network and Content Security Devices |
||
| Cisco Adaptive Security Appliance (ASA) Software | CSCus42901 | 9.2(3.1) 9.1(5.106) 9.0(4.29) 8.4(7.26) |
| Cisco Email Security Appliance (ESA) | CSCus42818 | |
| Cisco FireSIGHT System Software | CSCus77211 | 5.4.0.2 5.4.1.1 |
| Cisco IPS | CSCus42768 | |
| Cisco Identity Service Engine (ISE) | CSCus42710 | |
| Cisco NAC Guest Server | CSCus42834 | |
| Cisco Physical Access Gateway | CSCus43000 | |
| Cisco Secure Access Control Server (ACS) | CSCus42781 | |
| Cisco Web Security Appliance (WSA) | CSCus42705 | 9.0.0(Elbrus)-FCS |
Network Management and Provisioning |
||
| Cisco Application Networking Manager | CSCus42821 | |
| Cisco Intelligent Automation for Cloud | CSCus42852 | |
| Cisco MATE Design | CSCus42772 | |
| Cisco MATE Live | CSCus42772 | |
| Cisco MATE collector | CSCus42772 | |
| Cisco Packet Tracer | CSCus47080 | |
| Cisco Prime Collaboration Assurance | CSCus42924 | |
| Cisco Prime Collaboration Deployment | CSCus42954 | |
| Cisco Prime Collaboration Provisioning 10.5 | CSCus42816 | |
| Cisco Prime Data Center Network Manager (DCNM) | CSCus42763 | |
| Cisco Prime LAN Management Solution | CSCus42883 | |
| Cisco Prime License Manager | CSCus42699 | |
| Cisco Prime Network Registrar (CPNR) | CSCus42701 | 8.3 8.2.2.2 8.1.3.3 |
| Cisco Prime Optical for SPs | CSCus42879 | |
| Cisco Prime Performance Manager for SPs | CSCus42880 | PPM 1.6 SP1 |
| Cisco Security Manager | CSCus42723 | |
| Cisco UCS Central | CSCus42724 | |
| Local Collector Appliance (LCA) | CSCus42873 | 2.2.8 |
Routing and Switching – Enterprise and Service Provider |
||
| Cisco Application Policy Infrastructure Controller | CSCus42749 | 1.1(0.625) 1.0(2.136a) |
| Cisco IOS Software | CSCus61884 | 15.5(03)S |
| Cisco Mobile Wireless Transport Manager | CSCus42993 | |
| Cisco Nexus 9000 Series Switches | CSCus42784 | |
| Cisco OnePK All-in-One VM | CSCus42732 | Admin to update via shell. |
| Nexus 3500 Series Switches | CSCus43046 | |
Routing and Switching – Small Business |
||
| Cisco WAG310G Residential Gateway | CSCus43007 | |
Unified Computing |
||
| Cisco UCS C-Series (Standalone Rack) Servers | CSCus42715 | |
| Cisco Unified Computing System B-Series (Blade) Servers | CSCus42714 | |
Voice and Unified Communications Devices |
||
| Cisco ATA 187 Analog Telephone Adaptor | CSCus42814 | |
| Cisco ATA 190 Series Analog Telephone Adapter | CSCus42791 | |
| Cisco Agent Desktop | CSCus42910 | 10.0(2) |
| Cisco DX Series IP Phones | CSCut08817 | |
| Cisco Emergency Responder | CSCus42904 | |
| Cisco Hosted Collaboration Mediation Fulfillment | CSCus42794 | |
| Cisco IM and Presence Service (CUPS) | CSCus42751 | |
| Cisco IP Interoperability and Collaboration System (IPICS) | CSCus43020 | |
| Cisco MediaSense | CSCus42906 | |
| Cisco MeetingPlace | CSCus42786 | |
| Cisco Paging Server (Informacast) | CSCus42905 | |
| Cisco Paging Server | CSCus42905 | |
| Cisco SocialMiner | CSCus42851 | |
| Cisco Unified Attendant Console (all editions) | CSCus42803 | |
| Cisco Unified Communications Domain Manager | CSCus42711 | 10.1(2) |
| Cisco Unified Communications Manager (UCM) | CSCus60116 | |
| Cisco Unified Communications Manager Session Management Edition (SME) | CSCus60116 | |
| Cisco Unified IP Conference Phone 8831 | CSCus42757 | |
| Cisco Unified Sip Proxy | CSCus42917 | |
| Cisco Virtualization Experience Media Engine | CSCus42958 | |
Video, Streaming, TelePresence, and Transcoding Devices |
||
| Cisco AnyRes Live (CAL) | CSCus42909 | |
| Cisco D9036 Modular Encoding Platform | CSCus42887 | |
| Cisco Edge 300 Digital Media Player | CSCus42801 | |
| Cisco Edge 340 Digital Media Player | CSCus43052 | |
| Cisco Enterprise Content Delivery System (ECDS) | CSCus42875 | |
| Cisco Expressway Series | CSCus42702 | |
| Cisco IPTV | CSCus43009 | |
| Cisco PowerVu D9190 Conditional Access Manager (PCAM) | CSCus42894 | |
| Cisco TelePresence Advanced Media Gateway Series | CSCus42833 | |
| Cisco TelePresence Conductor | CSCus42987 | |
| Cisco TelePresence Content Server (TCS) | CSCus42976 | |
| Cisco TelePresence EX Series | CSCus42827 | |
| Cisco TelePresence ISDN GW 3241 | CSCus42753 | |
| Cisco TelePresence ISDN GW MSE 8321 | CSCus42753 | |
| Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) | CSCus42831 | |
| Cisco TelePresence MX Series | CSCus42827 | |
| Cisco TelePresence Profile Series | CSCus42827 | |
| Cisco TelePresence SX Series | CSCus42827 | |
| Cisco TelePresence Serial Gateway Series | CSCus42754 | |
| Cisco TelePresence Server 8710, 7010 | CSCus42752 | 4.1 Maintenance Release (March 2015) |
| Cisco TelePresence Server on Multiparty Media 310, 320 | CSCus42752 | 4.1 Maintenance Release (March 2015) |
| Cisco TelePresence Server on Virtual Machine | CSCus42752 | 4.1 Maintenance Release (March 2015) |
| Cisco TelePresence Supervisor MSE 8050 | CSCus42755 | |
| Cisco TelePresence TE Software (for E20 – EoL) | CSCus42829 | |
| Cisco TelePresence Video Communication Server (VCS) | CSCus42702 | |
| Cisco Telepresence Integrator C Series | CSCus42827 | |
| Cisco VDS Service Broker | CSCus43022 | |
| Cisco Video Surveillance 3000 Series IP Cameras | CSCus42721 | |
| Cisco Video Surveillance 4000 Series High-Definition IP Cameras | CSCus42983 | |
| Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras | CSCus42982 | |
| Cisco Video Surveillance 6000 Series IP Cameras | CSCus42721 | |
| Cisco Video Surveillance 7000 Series IP Cameras | CSCus42721 | |
| Cisco Video Surveillance Media Server | CSCus43015 | 7.7 |
| Cisco Video Surveillance PTZ IP Cameras | CSCus42721 | |
| Cloud Object Store (COS) | CSCus43014 | |
| Media Services Interface | CSCus43013 | |
| Tandberg Codian ISDN GW 3210/3220/3240 | CSCus42753 | |
| Tandberg Codian MSE 8320 model | CSCus42753 | |
Wireless |
||
| Cisco Wireless Lan Controller (WLC) | CSCus42727 | |
Cisco Hosted Services |
||
| Cisco Common Services Platform Collector | CSCus95785 | |
| Cisco Network Configuration and Change Management Service | CSCus42860 | |
| Cisco Proactive Network Operations Center | CSCus42796 | |
| Cisco WebEx Meetings for Android | CSCus42742 | Android 7.0 |
| Cisco WebEx Meetings for WP8 | CSCus42941 | |
| Network Performance Analytics (NPA) | CSCus42893 | |
