Document 6567329

Transcription

Document 6567329
October 17, 2014
OpenSSL POODLE Vulnerability Assessment for Brocade
Revision 1.0
Vulnerabilities:
CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses
nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the "POODLE" issue.
Vulnerability Statement: Statement of vulnerability from OpenSSL.org
Summary: Select Brocade products use the OpenSSL package and may be impacted by this
vulnerability. Brocade is working to develop a comprehensive plan to address this issue in all vulnerable
products. This notice will be updated as more information becomes available. Where there are impacts
and fixes these will be published in product-specific TSBs.
Initial Assessment of Vulnerability for Brocade Products
Product
Current status
Network Advisor
The following releases are impacted Network Advisor 12.0.x to 12.3.x and
Network Advisor 11.0.x to 11.3.x (If SSL is enabled)
Fabric OS
Impacted.
Network OS
Under investigation.
NetIron
Impacted
FastIron
Impacted.
BigIron RX
Under investigation.
ServerIron ADX
Impacted.
ServerIron JetCore
Impacted
Virtual ADX
Impacted.
Vyatta vRouter
Impacted.
ARB
Under investigation.
ServerIron-XL
Under investigation.
IronView Network
Manager
Impacted
USD-X
Under investigation.
DCFM
All DCFM releases impacted if SSL enabled.
Brocade Mobility
Controllers
Under investigation.
Product
Current status
Brocade Mobility
Access Points
Under investigation.
Brocade Monitoring, Analytics, and Remote Troubleshooting Environment
 Under investigation
Brocade IT
 Systems are currently being scanned to determine any vulnerability and results will posted by 10/21.
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES
AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE
INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED
HEREIN IS BASED ON BROCADE’S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE
VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS.
BROCADE
RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Document Revision
1.0
Changes
First release
page 2