An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20091109-tls.
Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated.
This section will be updated when more information is available. The following products are confirmed to be vulnerable:
The following products are confirmed not vulnerable:
This section will be updated when more information is available.
TLS and its predecessor, SSL, are cryptographic protocols that provide security for communications over IP data networks such as the Internet. An industry-wide vulnerability exists in the TLS protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.
Note: Extensible Authentication Protocol Transport Layer Security (EAP-TLS) and Protected Extensible Authentication Protocol (PEAP) are not affected by this vulnerability.
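The fix the industry converged on for this renegotiation weakness is RFC 5746 (published February 2010), which binds a renegotiation to the previous handshake through the `renegotiation_info` extension (type 0xff01). The advisory itself does not discuss RFC 5746; the following is an added example, not Cisco's code, that parses a TLS ServerHello record and reports whether the server advertised the extension. A server that omits it either still performs legacy renegotiation (exposed to CVE-2009-3555) or has renegotiation disabled outright, which is the mitigation applied in the patched Cisco releases listed later in this advisory; the ServerHello alone cannot distinguish those two cases, so the result is labelled "legacy" rather than "vulnerable". The `build_server_hello` helper constructs synthetic test input and is not captured traffic.

```python
# Added example (not from the Cisco advisory): detect RFC 5746 secure
# renegotiation support from a TLS ServerHello record.
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type defined by RFC 5746


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ServerHello; return version, cipher and extensions."""
    # TLS record header: content_type(1) version(2) length(2); 0x16 = handshake
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    # Handshake header: msg_type(1) length(3); 0x02 = ServerHello
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    pos = 0
    version = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    pos += 32                      # server random
    sid_len = hello[pos]
    pos += 1 + sid_len             # session_id
    cipher = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    pos += 1                       # compression_method
    extensions = {}
    if pos < len(hello):           # extensions block is optional in TLS 1.0/1.1
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        if end > len(hello):
            raise ValueError("truncated extensions")
        while pos < end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            extensions[etype] = hello[pos:pos + elen]
            pos += elen
    return {"version": version, "cipher": cipher, "extensions": extensions}


def secure_renegotiation_status(record: bytes) -> str:
    """'secure' if the server advertised renegotiation_info, else 'legacy'."""
    ext = parse_server_hello(record)["extensions"].get(RENEGOTIATION_INFO)
    if ext is None:
        return "legacy"
    # On an initial handshake the extension carries an empty
    # renegotiated_connection field: a single length byte of 0x00.
    if ext == b"\x00":
        return "secure"
    return "secure-renegotiated"


def build_server_hello(with_reneg_info: bool) -> bytes:
    """Construct a minimal TLS 1.0 ServerHello record (synthetic test input)."""
    body = struct.pack("!H", 0x0301) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 0x002F) + b"\x00"               # TLS_RSA_WITH_AES_128_CBC_SHA, null compression
    if with_reneg_info:
        ext = struct.pack("!HH", RENEGOTIATION_INFO, 1) + b"\x00"
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for flag in (True, False):
        print(f"renegotiation_info present={flag}: {secure_renegotiation_status(build_server_hello(flag))}")
```

To audit a live endpoint, feed `parse_server_hello` the first handshake record returned after sending a ClientHello; the same check can be run over a packet capture of a device's management interface without touching the device.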
The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams.
Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl
Product | Bug ID
---|---
Cisco ACE 4700 Series Application Control Engine Appliances |
Cisco ACE Application Control Engine Module |
Cisco ACE GSS 4400 Series Global Site Selector Appliances |
Cisco ACE Web Application Firewall |
Cisco Adaptive Security Device Manager (ASDM) |
Cisco AON Software |
Cisco AON Healthcare for HIPAA and ePrescription |
Cisco Application and Content Networking System (ACNS) Software |
Cisco Application Networking Manager |
Cisco ASA 5500 Series Adaptive Security Appliances |
Cisco ASA Advanced Inspection and Prevention (AIP) Security Services Module |
Cisco AVS 3100 Series Application Velocity System |
Cisco Catalyst 6500 Series SSL Services Module |
Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM) |
Cisco CSS 11000 Series Content Services Switches |
Cisco Unified SIP Phones |
Cisco Data Mobility Manager |
Cisco Digital Media Manager |
Cisco Digital Media Players |
Cisco Emergency Responder |
Cisco Internet Streamer CDS |
Cisco IOS Software |
Cisco IOS XE Software |
Cisco IOS XR Software |
Cisco IP Communicator |
CATOS |
Cisco IronPort Appliances |
Cisco NAC Appliance (Clean Access) |
Cisco NAC Guest Server |
Cisco NAC Profiler |
Cisco Network Analysis Module Software (NAM) |
Cisco Network Registrar |
Cisco ONS 15500 Series |
Cisco Physical Access Gateways |
Cisco Physical Access Manager |
Cisco QoS Device Manager |
Cisco Secure Access Control Server (ACS) | CSCtd00725 and CSCtd69422
Cisco Secure Desktop |
Cisco Secure Services Client |
Cisco Security Agent CSA |
Cisco Security Monitoring, Analysis and Response System (MARS) |
Cisco Unified IP Phones |
Cisco TelePresence Manager |
Telepresence for Consumer |
Cisco TelePresence Recording Server |
Cisco Network Asset Collector | CSCtd04198 and CSCtd37007
Cisco Unified Communications Manager (CallManager) |
Cisco Unified Business Attendant Console |
Cisco Unified Contact Center Enterprise |
Cisco Unified Contact Center Express |
Cisco Unified Contact Center Management Portal |
Cisco Unified Contact Center Products |
Cisco Unified Department Attendant Console |
Cisco Unified E-Mail Interaction Manager |
Cisco Unified Enterprise Attendant Console |
Cisco Unified Mobility |
Cisco Unified Mobility Advantage |
Cisco Unified Operations Manager |
Cisco Unified Personal Communicator |
Cisco Unified Presence | CSCtd05791 and CSCte81278
Cisco Unified Provisioning Manager |
Cisco Unified Quick Connect |
Cisco Unified Service Monitor |
Cisco Unified Service Statistics Manager |
Cisco Unified SIP Proxy |
Cisco Unity |
Cisco NX-OS Software | CSCtd00699 and CSCtd00703
Cisco Video Portal |
Cisco Video Surveillance Media Server Software |
Cisco Video Surveillance Operations Manager Software |
Cisco Wide Area Application Services (WAAS) |
Cisco Wireless Control System |
Cisco Wireless LAN Controller (WLAN) |
Cisco Wireless Location Appliance |
CiscoWorks Common Services Software |
CiscoWorks Wireless LAN Solution Engine (WLSE) |
Linksys Routers | Not viewable in Bug Toolkit
WebEx Connect | Not viewable in Bug Toolkit
WebEx Event Center | Not viewable in Bug Toolkit
WebEx Meeting Center | Not viewable in Bug Toolkit
WebEx Meet Me Now (MMN) | Not viewable in Bug Toolkit
WebEx PCNow (PCN) | Not viewable in Bug Toolkit
WebEx Sales Center | Not viewable in Bug Toolkit
WebEx Support Center | Not viewable in Bug Toolkit
WebEx Training Center | Not viewable in Bug Toolkit
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-3555.
There are no known workarounds.
This section will be updated to include fixed software versions for affected Cisco products as they become available.
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Each row of the software table below lists a product that has been patched to disable SSL/TLS renegotiation and the software version(s) that contain the fix. A device running a release earlier than the one listed in the First Fixed Releases column is known to be vulnerable. Upgrade at least to the indicated release or a later version.
Product | First Fixed Releases
---|---
Cisco ASA 5500 Series Adaptive Security Appliances | 8.0(5.6), 8.1(2.39), 8.2(1.16), 8.3(0.08), 7.2(4.44)
Cisco ACE 4700 Series Application Control Engine Appliances | 3.0(0)A3(2.4.61)
Cisco ACE Application Control Engine Module | 3.0(0)A2(2.2.28), 3.0(0)A2(2.3)
Cisco Application and Content Networking System (ACNS) Software | 5.5.17
Cisco Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM) | 3.1(17), 3.2(15), 4.0(9), 4.1(1)
Cisco Internet Streamer CDS | 2.6.0
Cisco IronPort Email Security Appliance (X-series and C-series) | 7.0.1 and above
Cisco IronPort Web Security Appliance (S-series) | 6.3.3 and above
Cisco Mobile Wireless Transport Manager (MWTM) | 6.1(2)
Cisco Network Analysis Module Software (NAM) | 4.1(1-patch4)
Cisco Network Collector | 6.1
Cisco NX-OS Software (Nexus 5000) | 4.1(3)N2(1a)
Cisco NX-OS Software (Nexus 7000) | 4.2(3), 5.0
Cisco Security Agent CSA | 6.0(1.126), 6.0(2.099)
Cisco Unified Communications Manager (CallManager) | 6.1(5), 8.0(0.98000.106)
Cisco Unified Computing System Blade-Server | 4.0(1a)N2(1.2h), 4.0(1a)N2(1.2j)
Cisco Unified IP Phones | RT: Release 9.0.3; TNP: Release 9.0.2
Cisco Unified Intelligent Contact Management Enterprise | 7.5(8), 8.0(1)
Cisco Unity Connection | 8.0(1)
Cisco Wide Area Application Services (WAAS) | 4.1.7, 4.2.1
Cisco Wireless LAN Controller (WLAN) | 6.0(196.000)
Cisco Video Surveillance Media Server Software | 4.2.1/6.2.1
Fixed Cisco ASA software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
All other fixed software can be downloaded from: http://www.cisco.com/cisco/psn/web/download/index.html
This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc.
Cisco is not aware of any malicious exploitation of this vulnerability.
Proof-of-concept exploit code has been published for this vulnerability.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision | Date | Description
---|---|---
1.15 | 2011-October-20 | Updated Vulnerable Products and Products Confirmed Not Vulnerable
1.14 | 2010-July-22 | Updated Vulnerable Products
1.13 | 2010-March-29 | Updated Fixed Software Versions for CUCM
1.12 | 2010-March-10 | Updated Fixed Software Versions for WAAS and WLC
1.11 | 2010-March-03 | IOS HTTP Secure Server added to Products Confirmed Not Vulnerable
1.10 | 2010-February-26 | Updated Fixed Software
1.9 | 2010-February-05 | Updated Affected Products and Details sections
1.8 | 2010-January-21 | Updated Software Fixes table and Products Confirmed Not Vulnerable
1.7 | 2010-January-04 | Affected Products update
1.6 | 2009-December-18 | Affected Products and Details updates
1.5 | 2009-December-14 | EAP-TLS and PEAP not vulnerable
1.4 | 2009-December-4 | Details and Impact update
1.3 | 2009-December-3 | Affected Products update
1.2 | 2009-November-18 | Affected Products update
1.1 | 2009-November-16 | Affected Products update
1.0 | 2009-November-9 | Initial public release
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.