CVE-2016-7054

Description

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 16.505

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2016-7055, CVE-2016-7054, CVE-2016-7053 are fixed in OpenSSL (x64) 1.1.0c | Windows
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Application Policy Infrastructure Controller (APIC) | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Jabber for Mac | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Jabber Software Development Kit | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Security Manager | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco UCS Director | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Unified Contact Center Enterprise | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Unity Connection | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Virtual Wireless Controller | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Conductor | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Wide Area Application Services (WAAS) Appliances | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco ONS 15454 Series Multiservice Provisioning Platforms | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Video Surveillance Manager | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Identity Services Engine | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Unified Attendant Consoles | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Unified Mobile Communicator | NCM
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 For Cisco Unified Workforce Optimization | NCM
Improper Access Control Vulnerability (CVE-2016-7054) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1706006 | Security Update for Cisco Application Policy Infrastructure Controller (APIC) 1.3(2k)
PATCH-1706051 | Security Update for Cisco Jabber Software Development Kit 11.8(2)
PATCH-1705795 | Security Update for Cisco Security Manager 4.12(0.64)
PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0)
PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0)
PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184)
PATCH-1705937 | Security Update for Cisco Virtual Wireless Controller 8.3(15.155)
PATCH-1705867 | Security Update for Cisco Conductor 3.600
PATCH-1706001 | Security Update for Cisco Wide Area Application Services (WAAS) Appliances 6.3(0.185)
PATCH-1705963 | Security Update for Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.6(2)
PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10
PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905)
PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2)
PATCH-1705976 | Security Update for Cisco Unified Mobile Communicator 11.8(1.250274)
PATCH-1705884 | Security Update for Cisco Unified Workforce Optimization 11.5(1)SGN1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234