Cisco Security Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID: 1030079
SecurityTracker URL: http://securitytracker.com/id/1030079
CVE Reference: CVE-2014-0160
Date: Apr 14 2014
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Vendor Confirmed: Yes
Exploit Included: Yes
Description:
A vulnerability was reported in Cisco Security Manager. A remote user can obtain potentially sensitive information.
A remote user can trigger a buffer overread in the processing of the TLS heartbeat extension to obtain up to 64k of memory (per heartbeat request), potentially including encryption keys.
The vendor has assigned bug ID CSCuo19265 to this vulnerability.
[Editor's note: This vulnerability is known as the OpenSSL heartbleed vulnerability.]
Neel Mehta of Google Security and researchers from Codenomicon reported this vulnerability.
Impact:
A remote user can obtain potentially sensitive information, including encryption keys.
Solution:
No solution was available at the time of this entry.
The vendor's advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Cause:
Access control error, Boundary error