Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Cisco content switch SSL vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco content switch SSL vulnerability
Cisco announced a vulnerability in the 11500 and 11501 content switches with the optional SSL module.

The scope appears to be limited. You must be using certificate authentication and the CSS must be the SSL server. In the affected cases if ssl fails to renegotiate a session at the appropriate time it may be possible to bypass authentication. Those using SSL are strongly encouraged to upgrade as soon as possible.

42 Posts
Sep 9th 2005

Sign Up for Free or Log In to start participating in the conversation!