Multiple Vulnerabilities in OpenSSL Component of Cisco Devices

Reported October 1, 2003 by Cisco.





  • Cisco IOS 12.1(11)E and later in the 12.1E release train with crypto images (56i and k2)

  • Cisco PIX Firewall

  • Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series and Cisco 7600 Series routers

  • Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and 6500 Series switches and Cisco 7600 Series routers

  • Cisco Content Service Switch (CSS) 11000 series

  • Cisco Global Site Selector (GSS) 4480

  • Cisco Application & Content Networking Software (ACNS)

  • Cisco SN 5428 Storage Router

  • CiscoWorks 1105 Hosting Solution Engine (HSE)

  • CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)

  • CiscoWorks Common Services (CMF)

  • Cisco SIP Proxy Server (SPS)





OpenSSL is a component used in the above products manufactured by Cisco. Multiple vulnerabilities in OpenSSL that can result in a Denial of Service (DoS) condition or execution of arbitrary code on the vulnerable system. These vulnerabilities are as follows:
·         Certain ASN.1 encodings that the parser rejects as invalid can trigger a bug in the deallocation of the corresponding data structure, thereby corrupting the stack. The vulnerability can permit a DoS attack. the potential for exploiting this vulnerability to run malicious code is unknown. This problem doesn't affect OpenSSL 0.9.6.
·         Unusual ASN.1 tag values can cause an out-of-bounds read under certain circumstances, resulting in a DoS vulnerability.
·         A malformed public key in a certificate can crash the verify code if it's set to ignore public-key decode errors. Public-key decode errors aren't typically ignored, except for debugging purposes, so this vulnerability is unlikely to affect production code. Exploitation of an affected application can result in a DoS vulnerability.



Cisco has released a security bulletin concerning these vulnerabilities and recommends that affected customers obtain a patch, when it becomes available, through normal support channels.


Discovered by UK National Infrastructure Security Co-Ordination Centre.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.