December 5, 2005 11:15 AM PST
Cisco responds to OpenSSL security flaw
Cisco Systems on Friday issued a security advisory regarding the use of the open-source security software OpenSSL in several of its products. Cisco's advisory follows one issued in October by the OpenSSL Project, which noted that the vulnerabilities could allow a malicious attacker to launch remote code against users' systems.
OpenSSL is an open-source version of secure sockets layer, or SSL, encryption that is used by a number of Web browsers to secure data transmission over the Internet. Cisco's advisory noted that six of its product categories can be affected by the flaws: ASA 5500 and Cisco Pix running 7.x software; CiscoWorks Common Services versions 3.0 and 2.2; Cisco Mainframe Channel Connection PA-4C-E, PA-IC-E, PA-IC-P, CX-CIP2 tn3270 server; Cisco Global Site Selector 4480, 4490 and 4491; Cisco Wireless Control System Software; and Cisco IOS-XR.




First, man-in-the-middle attacks are really difficult to perform.
Second, if they didn't use SSL at all and sent the info in clear text, people would not even bother calling it a vuln. But since it is possible to make the client negotiate an SSL 2.0 session instead of 3.0, people want to sensationalize like it is remote level 15 access.
Most people won't bother to look at the details of this release beyond "CISCO ROUTER VULNERABILITY" so all you have really done is give Cisco a black eye when they didn't even deserve it.
I think this article was irresponsible.