By Eduard Kovacs on October 21, 2014
Cisco has been analyzing its products to determine which of them are affected by the recently disclosed Secure Sockets Layer (SSL) version 3 protocol flaw dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
Many technology firms are still patching their products to ensure they are not vulnerable to ShellShock attacks and are forced to take steps to protect their customers against POODLE attacks, which can be leveraged to extract information from encrypted communications.
Many of Cisco's products are still under investigation, but the company has published a list of solutions confirmed to be vulnerable or not vulnerable. Vulnerable products include Cisco Webex Social, Cisco AnyConnect, Cisco ACE, Cisco Standalone rack server CIMC, Cisco Wireless LAN Controller, Cisco Cloud Web Security, and various Cisco TelePresence devices.
Several network and content security devices, voice and communication devices, and routing and switching products are also vulnerable to POODLE attacks.
Cisco Adaptive Security Device Manager, Cisco Prime Data Center Network Manager and Cisco Webex Messenger Service are not affected.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.