CB-K21/0317 Update 31
Risikostufe 4
Titel:OpenSSL: Mehrere SchwachstellenDatum:01.09.2021Software:Open Source OpenSSL < 1.1.1k, Amazon Linux 2, Cisco SD-WAN, Cisco Unified Computing System (UCS), Oracle Linux, Red Hat Enterprise Linux, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco IP Phone, Cisco Meeting Server, Cisco Prime Infrastructure, Cisco Router c800 series, Cisco Video Surveillance Media Server, Cisco WebEx Room Phone, Cisco WebEx Wireless Phone, Cisco Wireless IP Phone 8821, Gentoo Linux, Unify OpenScape 4000, Unify OpenScape Branch, Unify OpenScape SBC, Unify OpenScape Xpert, Cisco Jabber, Cisco Nexus 3000, Cisco Nexus 9000, Cisco Small Business RV130, Cisco Small Business RV320, Cisco Small Business RV325, Cisco Unified Contact Center Enterprise RV130, Cisco Unified Intelligent Contact Manager (ICM) RV130, Cisco WebEx Meetings for iOS, Cisco WebEx Video Mesh, Cisco WebEx Meetings Server, Cisco Web Security Appliance, Cisco Wireless Access Point wap121, Cisco Wireless Access Point wap321, Cisco Wireless Access Point wap371, Tenable Security Nessus < 8.13.2, SUSE Linux, Avaya Aura Experience Portal, McAfee Data Loss Prevention 11.x, McAfee Threat Intelligence Exchange, McAfee Web Gateway, Meinberg LANTIME, Tenable Security Nessus Network Monitor < 5.13.1, HPE Fabric OS < 8.2.3, HPE Fabric OS < 9.0.1b, Hitachi Ops Center, Broadcom Brocade Switch, Pulse Secure Pulse Connect Secure, HPE Switch, HCL BigFix, Ubuntu Linux, Debian LinuxPlattform:Applicance, CISCO Appliance, Hardware Appliance, Linux, MacOS X, Sonstiges, UNIX, WindowsAuswirkung:Umgehen von SicherheitsvorkehrungenRemoteangriff:JaRisiko:hochCVE Liste:CVE-2021-3449, CVE-2021-3450Bezug:
Beschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen und um kryptografische Sicherheitsmechanismen zu umgehen.
Quellen:
- OpenSSL Security Advisory 20210325 vom 2021-03-25
- Ubuntu Security Notice USN-4891-1 vom 2021-03-25
- Debian Security Advisory DSA-4875 vom 2021-03-25
- SUSE Security Update SUSE-SU-2021:0954-1 vom 2021-03-25
- SUSE Security Update SUSE-SU-2021:0955-1 vom 2021-03-25
- FreeBSD Security Advisory FreeBSD-SA-21:07.openssl vom 2021-03-25
- Arch Linux Security Advisory ASA-202103-10 vom 2021-03-25
- Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-25
- PoC CVE-2021-3449
- Amazon Linux Security Advisory ALAS-2021-1622 vom 2021-03-26
- Oracle Linux Security Advisory ELSA-2021-1024 vom 2021-03-30
- Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-29
- Red Hat Security Advisory RHSA-2021:1024 vom 2021-03-30
- Oracle Linux Security Advisory ELSA-2021-9151 vom 2021-04-01
- Unify Security Advisory Report OBSO-2103-01 vom 2021-03-31
- Gentoo Linux Security Advisory GLSA-202103-03 vom 2021-03-31
- Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-31
- Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-04-05
- Tenable Security Advisory
- Red Hat Security Advisory RHSA-2021:1063 vom 2021-04-05
- Red Hat Security Advisory RHSA-2021:1131 vom 2021-04-07
- SUSE Security Update SUSE-SU-2021:1109-1 vom 2021-04-09
- Tenable Security Advisory
- Red Hat Security Advisory RHSA-2021:1168 vom 2021-04-13
- AVAYA Security Advisory ASA-2021-025 vom 2021-04-13
- Red Hat Security Advisory RHSA-2021:1202 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1200 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1199 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1189 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1203 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1196 vom 2021-04-14
- Red Hat Security Advisory RHSA-2021:1195 vom 2021-04-14
- McAfee Security Bulletin
- Meinberg Security Advisory MBGSA-2021.02 vom 2021-04-20
- Meinberg Security Advisory
- Red Hat Security Advisory RHSA-2021:1338 vom 2021-04-22
- Red Hat Security Advisory RHSA-2021:1230 vom 2021-04-27
- Red Hat Security Advisory RHSA-2021:1448 vom 2021-04-28
- Nessus Network Monitor Security Advisory
- Brocade Security Advisory
- Red Hat Security Advisory RHSA-2021:2041 vom 2021-05-19
- Hitachi Vulnerability Information HITACHI-SEC-2021-117 vom 2021-05-21
- Hitachi Vulnerability Information HITACHI-SEC-2021-119 vom 2021-05-21
- HPE Security Bulletin hpesbst04140en_us vom 2021-06-02
- Red Hat Security Advisory RHSA-2021:2479 vom 2021-06-17
- Red Hat Security Advisory RHSA-2021:2532 vom 2021-06-23
- Red Hat Security Advisory RHSA-2021:2543 vom 2021-06-24
- Pulse Secure Security Advisory SA44845 vom 2021-07-14
- SUSE Security Update SUSE-SU-2021:2326-1 vom 2021-07-14
- SUSE Security Update SUSE-SU-2021:2323-1 vom 2021-07-14
- SUSE Security Update SUSE-SU-2021:2327-1 vom 2021-07-14
- SUSE Security Update SUSE-SU-2021:2353-1 vom 2021-07-15
- HPE Security Bulletin
- HCL Article KB0090800 vom 2021-08-03
- Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06
- Ubuntu Security Notice USN-5038-1 vom 2021-08-12
- Debian Security Advisory DLA-2751 vom 2021-08-31