Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

OpenSSL vulnerability (2nd bug)

We just received another security advice regarding OpenSSL vulnerability (Document ID: 45643 Revision 2.0). The first bug was discovered in September. This is the second bug discovered for OpenSSL. Last time both 6.2X and 6.3X code were affected. We have already upgarded our pix firewalls to 6.23102 and 6.33102.

How about this time ? Are BOTH 6.2x and 6.3x are affected by this second bug ? When the fix(es) be available ? Thanks.

2 REPLIES
Cisco Employee

Re: OpenSSL vulnerability (2nd bug)

Hi,

From the advisory:

Cisco PIX Firewall - The first vulnerability is fixed in software release 6.3(3.102). The second vulnerability is fixed in software release 6.3(3.109). CCO availability TBD.

If you see the bug mentioned in the advisory and find out more details on this bug, it says 6.2 and 6.3 are affected.

6.3.3.109 has been released to TAC now.

Thanks

Nadeem

New Member

Re: OpenSSL vulnerability (2nd bug)

The only version listed at CCO is PIX OS version 6.3(3). I don't see 6.3(3.102)

110
Views
0
Helpful
2
Replies