Cisco Products Vulnerable to POODLE Attacks

  • 21 October 2014
  • 0 replies
  • 152 views

Userlevel 7
By Eduard Kovacs on October 21, 2014
 
Cisco has been analyzing its products to determine which of them are affected by the recently disclosed Secure Sockets Layer (SSL) version 3 protocol flaw dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
Many technology firms are still patching their products to ensure they are not vulnerable to ShellShock attacks and are forced to take steps to protect their customers against POODLE attacks, which can be leveraged to extract information from encrypted communications. 
Many of Cisco's products are still under investigation, but the company has published a list of solutions confirmed to be vulnerable or not vulnerable. Vulnerable products include Cisco Webex Social, Cisco AnyConnect, Cisco ACE, Cisco Standalone rack server CIMC, Cisco Wireless LAN Controller, Cisco Cloud Web Security, and various Cisco TelePresence devices.
Several network and content security devices, voice and communication devices, and routing and switching products are also vulnerable to POODLE attacks.
Cisco Adaptive Security Device Manager, Cisco Prime Data Center Network Manager and Cisco Webex Messenger Service are not affected.
 
 
Full Article

0 replies

Be the first to reply!

Reply