HomePentest-Tools.com Logo

Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL CVE-2015-3193CVE-2015-3194CVE-2015-3195CVE-2015-3196CVE-2015-1794

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Cisco IP Phone 8800 Series incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Risk description

Multiple OpenSSL vulnerabilities affecting Cisco IP Phone 8800 Series: - A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote attacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193). - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3194). - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3195). - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition (CVE-2015-3196). - A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).

Recommendation

Update to Release 11.5(1) or later

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 6, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available