Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Vulnerability Alert

OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability

 
Threat Type:CWE-200: Information Leak / Disclosure
IntelliShield ID:33695
Version:22
First Published:2014 April 08 14:39 GMT
Last Published:2014 July 09 16:11 GMT
Port: Not available
CVE:CVE-2014-0160
BugTraq ID:66690
Urgency:Possible use
Credibility:Confirmed
Severity:Mild Damage
CVSS Base:5.0 CVSS Calculator
CVSS Version 2.0
CVSS Temporal:5.0
 
Version Summary:ABB has released a security advisory and updated software to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.
 
 
Description
A vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL used in multiple Cisco products could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.

The vulnerability is due to a missing bounds check in the handling of the TLS heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or DTLS client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. The attacker could then send a specially-crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.

Functional code that exploits this vulnerability is available as part of the Metasploit framework.

OpenSSL has confirmed the vulnerability and released software updates.
 
Warning Indicators
OpenSSL versions 1.0.1 through 1.0.1f are vulnerable.
 
IntelliShield Analysis
An attacker could exploit this vulnerability to access memory from an application that uses an affected version of OpenSSL in chunks of 64k; however, repeated exploitation could allow the attacker to retrieve additional memory to further retrieve sensitive information. However, widespread attacks have not been detected or reported.

A secondary impact of the vulnerability, the compromise of certificate secret key information, could allow attackers to decrypt captured network traffic, whether stored or in transit. Attackers also require a privileged position in the network to capture network traffic, increasing the difficulty of leveraging information gained from exploits against the vulnerability.

If sites are using SSL certificates for authentication, attackers could use stolen secret keys to impersonate a trusted host, possibly for use as part of phishing or spoofing attacks.


CVSS temporal scoring metrics on this vulnerability reflect software products affected by the vulnerability that have no available software updates. Products with available software updates have a reduced temporal score.
 
Vendor Announcements
OpenSSL.org has released a security advisory at the following link: CVE-2014-0160

ABB has released a security advisory at the following link: ABB Doc ID - 1MRG016193

Apple has released a security advisory at the following link: HT6203

Atvise has released a security advisory at the following link: Patch OpenSSL

BlackBerry has released a security notice at the following link: KB35882

Blue Coat has released a security advisory at the following link: SA79

CA has released a security notice at the following link: CA20140413-01

Cisco has released a security advisory at the following link: cisco-sa-20140409-heartbleed. Cisco has also released a blog post to address the vulnerability relating to Cisco products at the following link: Cisco products and mitigations


Digi has released a security advisory at the following link: CVE-2014-0160

FreeBSD has released a VuXML document at the following link: OpenSSL -- Multiple vulnerabilities - private data exposure. FreeBSD has also released a security advisory at the following link: FreeBSD-SA-14:06.openssl

HP has released security bulletins c04236102, c04239374, c04240206, c04250814, c04255796, c04260456, c04260505, c04260353, c04267775, c04264271, c04263236, c04273303 and c04264595 at the following links: HPSBMU02995 rev.2, HPSBMU02999 SSRT101505HPSBST03001 SSRT101506, HPSBGN03010 SSRT101517, HPSBMU03012 SSRT101504, HPSBMU03017 SSRT101528, HPSBMU03018 SSRT101529, HPSBMU03019 SSRT101530, HPSBMU03025 SSRT101539, HPSBMU03023 SSRT101535, HPSBMU03022 SSRT101527, HPSBST03027 SSRT101537, and HPSBST03004 SSRT101514

IBM has released a security bulletin at the following link: AIX OpenSSL Heartbleed Vulnerability CVE-2014-0160

ICS-CERT has released security advisories at the following links: ICSA-14-114-01, ICSA-14-105-03A, ICSA-14-128-01, ICSA-14-135-02, ICSA-14-135-04, and ICSA-14-126-01A

Juniper Networks has released a security bulletin at the following link: JSA10623


Microsoft has released a security advisory at the following link: 2962393

Oracle has released a security bulletin at the following link: OpenSSL Security Bug - Heartbleed / CVE-2014-0160

Red Hat has released an official CVE statement and security advisories for bug 1084875 at the following links:
CVE-2014-0160, RHSA-2014:0376, RHSA-2014:0377, RHSA-2014:0378, RHSA-2014:0396, and RHSA-2014:0416.

Siemens has released a security advisory at the following link: SSA-635659


Unified Automation has released a security advisory at the following link: Heartbleed Bug in OpenSSL

US-CERT has released a vulnerability note at the following link: VU#720951

VMware has released a Knowledge Base article and a security advisory at the following links: KB: 2076225 and VMSA-2014-0004
 
Impact
An unauthenticated, remote attacker could exploit the vulnerability to obtain sensitive cryptographic information, such as secret keys. The attacker could use this information to conduct man-in-the-middle or spoofing attacks.
 
Technical Information
The vulnerability is due to improper bounds checking by the affected software while handling TLS and DTLS heartbeat extension packets.

An unauthenticated, remote attacker could exploit this vulnerability by submitting crafted TLS or DTLS heartbeat packets to an affected device. If successful, the attacker could retrieve sensitive information, such as secret keys, that could be used to decrypt other sensitive information or conduct man-in-the-middle attacks.
 
Safeguards
Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider disabling OpenSSL heartbeat support by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators are advised to monitor affected systems.
 
Patches/Software
OpenSSL.org has released an updated version at the following link: OpenSSL 1.0.1g

ABB customers could obtain software patches and installation support from their local ABB customer support channels.

Apple has released software updates at the following link: Airport Base Station Firmware 7.7.3

Atvise has released updated software at the following link: Heartbleed Bug

Blue Coat has released a patch for registered users at the following link: ProxySG 6.5.3.6 and later


CA has released software updates at the following links:
CA ARCserve D2D for Windows 16.5
RO69431
CA ARCserve D2D for Linux 16.5
RO69417
CA ARCserve Replication and High Availability 16.5
RI69547
CA ecoMeter 3.1 and CA eHealth  6.3.0.05 - 6.3.1.01 for
Windows: RO69554
Linux: RO69556
Solaris: RO69555
CA ecoMeter 4.0, 4.1 and 4.2 and CA eHealth 6.3.1.02 - 6.3.2.04 for
Windows: RO69442
Linux: RO69443
Solaris: RO69444

CentOS packages can be updated using the up2date or yum command.

Digi has released software fixes in the github repository, and instructions for this update are at the following link: Digi Embedded Yocto 1.4 

FreeBSD has released ports collection updates at the following link: Ports Collection Index. FreeBSD has also released patches to mitigate this vulnerability. Details on installing the patches are describe in the vendor's security advisory located in the "Vendor Announcements" section.

HP has released updated software at the following link: CVE-2014-0160

HP has released software updates and described additional steps in the vendor advisory for registered customers running HP Autonomy WorkSite Server at the following link: iManage WorkSite

HP has released remediation guidelines and described additional steps in the vendor advisory for registered customers running HP Server Automation at the following link: SA_Alert_Heartbleed_Vulnerability

HP has released patches available via normal HP Services support channels.

IBM has released software fixes at the following FTP link: openssl_ifix7. Additional instructions are needed after applying the patch; these are located in the vendor's security bulletin.

Juniper Networks has released software updates for registered users at the following link: SSL VPN 8.0R3.1 and 7.4R9.1


Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Microsoft Update service. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.


Oracle has released software patches for affected products outlined in the vendor advisory for registered customers at the following link: Oracle

Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.


Siemens customers are advised to acquire the firmware update, eLAN version 8.3.3, and WinCC OA version 3.12-P006 via normal Siemens support channels.

Tableau Software has released software updates at the following link: Tableau Alternate Download Site

Unified Automation customers are advised to download OpenSSL 1.0.1g and recompile the SDK and affected server.

VMware has released a patch and instructions for installing the patch in a security advisory about critical updates to vFabric Web Server at the following link: vFabric Web Server

Signatures
 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
4187/0OpenSSL Information DisclosureS7862014 Apr 10 
4187/1OpenSSL Information DisclosureS7862014 Apr 10 
4187/2OpenSSL Information DisclosureS7862014 Apr 10 
4187/3OpenSSL Information DisclosureS7872014 Apr 15 
4187/4OpenSSL Information DisclosureS7882014 Apr 17 
 
Alert History
 

Version 21, May 19, 2014, 9:15 AM: CA has released a security notice and updated software to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 20, May 16, 2014, 3:06 PM: ICS-CERT has released additional security advisories to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability. Tableau Software has released software updates and Unified Automation has released a security advisory and mitigation steps to address the vulnerability.

Version 19, May 9, 2014, 9:41 AM: ICS-CERT has released an additional security advisory to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability. Digi has also released a security advisory and updated software to address this vulnerability.

Version 18, May 7, 2014, 9:11 AM: Siemens has released a security advisory and updated packages to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability. ICS-CERT has also released a security advisory to address this vulnerability.

Version 17, May 6, 2014, 8:47 AM: Microsoft has released a security advisory and software updates to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 16, May 5, 2014, 8:19 AM: HP has released additional security advisories and updated software to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 15, April 28, 2014, 8:54 AM: HP has released additional security bulletins and remediation steps to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 14, April 25, 2014, 8:30 AM: ICS-CERT has released a security advisory to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 13, April 24, 2014, 2:46 PM: Apple and Oracle have released security advisories and updated software to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 12, April 23, 2014, 12:00 PM: HP has released additional security bulletins and updated software to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 11, April 21, 2014, 10:48 AM: HP has released an additional security bulletin to address the OpenSSL TLS/DTLS heartbeat information disclosure vulnerability.

Version 10, April 18, 2014, 10:48 AM: HP has released an additional security bulletin and remediation steps to address the OpenSSL heartbeat information disclosure vulnerability.

Version 9, April 18, 2014, 8:53 AM: Red Hat has released an additional security advisory and updated packages to address the OpenSSL heartbeat information disclosure vulnerability.

Version 8, April 17, 2014, 12:40 PM: HP has released additional security bulletins and updated software to address the OpenSSL heartbeat information disclosure vulnerability.

Version 7, April 15, 2014, 8:51 AM: VMware has released an additional security advisory and updated software to address the OpenSSL heartbeat information disclosure vulnerability.

Version 6, April 14, 2014, 4:00 PM: BlackBerry, IBM, Red Hat, VMware, and HP have released security advisories and software updates to address the OpenSSL heartbeat information disclosure vulnerability. Functional exploit code that exploits this vulnerability is also publicly available.

Version 5, April 10, 2014, 5:45 PM: Blue Coat has released a security advisory and software updates to address the OpenSSL heartbeat information disclosure vulnerability.

Version 4, April 9, 2014, 4:04 PM: Additional information is available related to the OpenSSL heartbeat information disclosure vulnerability.

Version 3, April 9, 2014, 12:05 PM: FreeBSD and Juniper Networks have released security advisories and software updates to address the OpenSSL heartbeat information disclosure vulnerability. Cisco has also released a security advisory and blog post to address the vulnerability.

Version 2, April 8, 2014, 12:50 PM: Proof-of-concept code that exploits the OpenSSL heartbeat information disclosure vulnerability is publicly available.

Version 1, April 8, 2014, 10:39 AM: OpenSSL contains a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. Updates are available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
OpenSSLopenssl 1.0.1 Base | 1.0.1a Base | 1.0.1b Base | 1.0.1c Base | 1.0.1d Base | 1.0.1e Base | 1.0.1f Base

Associated Products:
ABB Asea Brown Boveri Ltd.Relion 650 Series 1.3.0 Base
AppleAirPort Base Station Firmware 7.6 Base, .1, .2, .3 | 7.7 Base, .1, .2
AppleAirport Extreme 7.6 Base, .1 | 7.7 Base, .1, .2
AppleTime Capsule 7.6 Base, .1, .2, .3 | 7.7 Base, .1, .2
AtviseScada 2.3 Base
BlackBerryBBM for iOS and Android Original Release Base
BlackBerryBlackBerry Link for Mac OS 1.0 Base, .1 (build 6) | 1.1 Base, .1 (build 35)
BlackBerryBlackberry Link for Windows 1.0 Base, .1.12 | 1.2 Base, .0.28
BlackBerrySecure Work Space for iOS and Android Original Release Base
Blue Coat Systems, Inc.Content Analysis System 1.1 .1.1, .2.1, .3.1, .4.1, .5.1
Blue Coat Systems, Inc.Malware Analysis Appliance 1.1 .1
Blue Coat Systems, Inc.ProxyAV 3.5 .1.1, .1.2, .1.3, .1.4, .1.5, .1.6
Blue Coat Systems, Inc.ProxySG 6.5 .1.1, .2.1, .3.1, .3.5
Blue Coat Systems, Inc.SSL Visibility 3.7 Base
CAARCserve D2D 16.5 Base
CAARCserve Replication and High Availability 16.5 Base
CACA eHealth Performance Manager 6.3 Base
CAMobile Device Management Base Base
CAecoMeter 3.1 Base | 4.0 Base | 4.1 Base | 4.2 Base
CentOS ProjectCentOS 6 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64
CiscoCisco TelePresence Video Communication Server (VCS) X7.2 Base, .1, .2 | X8.1 Base
CiscoCisco Desktop Collaboration Experience DX650 Software 10.0 Base, (1)
CiscoCisco Unified IP Phones 9900 Series Firmware 9.4 .1
CiscoCisco Unified IP Phone 8945 9.3 Base, (2)
DigiConnectPort LTS Original Release Base
DigiConnectPort X2e Original Release Base
DigiDigi Embedded Linux 5.9 Base
DigiDigi Embedded Yocto 1.4 Base
DigiWireless Vehicle Bus Adapter (WVA) Original Release Base
FreeBSD ProjectFreeBSD 6.3 Base | 6.4 Base | 7.0 Base | 7.1 Base | 7.2 Base | 7.3 Base | 7.4 Base | 8.0 Base | 8.1 Base | 8.2 Base | 8.3 Base | 9.0 Base | 9.1 Base | 9.2 Base
HPAsset Manager 9.40 Base, CSC
HPConnect-IT 9.52 Base | 9.53 Base
HPHP Autonomy WorkSite Server 9.0 SP1
HPHP BladeSystem c-Class Virtual Connect Support Utility (VCSU) 1.9.0 Base
HPHP Cloud System Chargeback 9.40 Base
HPHP CIT (ConnectIT) 9.52 Base | 9.53 Base
HPHP Diagnostics 9.23 Base | 9.23 IP1 Base
HPHP Executive Scorecard 9.40 Base | 9.41 Base
HPHP IBRIX X9320 Storage Original Release Base
HPHP Insight Management VCEM Web Client SDK (VCEMSDK) 7.2 .2 | 7.3 Base
HPHP LeftHand OS 11.0 Base
HPHP P4000 G2 Storage Original Release Base
HPHP Server Automation 10.00 Base | 10.01 Base
HPHP Service Manager (HPSM) 9.32 Base | 9.33 Base
HPHP StoreAll OS 6.3 Base | 6.5 Base
HPHP StoreVirtual Storage 10.0 Base | 10.5 Base
HPHP Systems Insight Manager (SIM) 7.2 .1, .2, Base | 7.3 .1, Base
HPHP XP P9500 Disk Array OSS 70-06-00/00 Base | OSS 70-06-01/00 Base
HPMercury LoadRunner 11.52 Base | 12.0 Base
HPPerformance Center 11.52 Base | 12.0 Base
HPHP UCMDB Browser 1.0 Base | 2.0 Base | 3.1 Base
HPHP UCMDB Configuration Manager 9.1 Base | 9.2 Base | 9.3 Base | 10.01 Base | 10.10 Base
IBMAIX 5.3 Base, .7.0, .7.1, .8, .9, .10, .11, .12 | 6.1 .0, .1, .2, .3, .4, .5, .6, .7, .8 | 7.1 .0, .1, .2, .3
IBMVIOS 2.2 .3
Juniper Networks, Inc.Junos Pulse (Desktop) 4.0 r5 | 5.0 r1
Juniper Networks, Inc.Junos Pulse (Mobile) for Android 4.2 R1
Juniper Networks, Inc.Junos Pulse (Mobile) for iOS 4.2 R1
Juniper Networks, Inc.Junos Pulse Secure Access Service (SSL VPN) 7.4 r1 | 8.0 r1
Juniper Networks, Inc.JUNOS Software 13.3 Base
Juniper Networks, Inc.Network Connect 7.4 R5, R6, R7, R8, R9, R9.1 | 8.0 R1, R2, R3, R3.1
Juniper Networks, Inc.Odyssey Access Client 5.6 r5
Juniper Networks, Inc.UAC OS 4.4 r1 | 5.0 r1
Microsoft, Inc.Windows RT 8.1 Base
Microsoft, Inc.Windows 8.1 for 32-bit Systems Base | for 64-bit Systems Base
MySQLMySQL Connector/C 6.1.0 Base | 6.1.1 Base | 6.1.2 Base | 6.1.3 Base
MySQLMySQL Connector/ODBC 5.1.13 Base | 5.2.5 Base | 5.2.6 Base | 5.3.2 Base
MySQLMySQL Enterprise Backup 3.10.0 Base
MySQLMySQL Enterprise Monitor 2.3.13 Base | 2.3.14 Base | 2.3.15 Base | 3.0.0 Base | 3.0.1 Base | 3.0.2 Base | 3.0.3 Base | 3.0.4 Base | 3.0.5 Base | 3.0.6 Base | 3.0.7 Base | 3.0.8 Base
MySQLMySQL Enterprise Server 5.6.11 Base | 5.6.12 Base | 5.6.13 Base | 5.6.14 Base | 5.6.15 Base | 5.6.16 Base | 5.6.17 Base
MySQLMySQL Workbench 6.1.4 Base
Oracle CorporationOracle Big Data Appliance Original Release Base
Oracle CorporationOracle Communications Application Session Controller 3.7.0 .m1p0, .m2p0
Oracle CorporationOracle Communications Interactive Session Recorder 4.0.0 Base
Oracle CorporationOracle Communications Internet Name and Address Management Original Release Base
Oracle CorporationOracle Communications Network Charging and Control 5.0.1 Base
Oracle CorporationOracle Communications Session Delivery Manager 7.3 Base
Oracle CorporationOracle Communications Session Monitor Suite 3.3.40 Base | 3.3.50 Base
Oracle CorporationOracle Communications WebRTC Session Controller 7.0.1 Base
Oracle CorporationOracle Endeca Server 7.4 Base | 7.5 .1.1, Base
Oracle CorporationOracle Explorer Original Release Base
Oracle CorporationOracle Linux 6 Base
Oracle CorporationOracle Mobile Security Suite Orginial Release Base
Oracle CorporationOracle Virtual Compute Appliance Software Original Release Base
Oracle CorporationPrimavera P6 Enterprise Project Portfolio Management 6.1 Base | 6.2.1 Base | 7.0 Base | 8.1 Base | 8.2 Base | 8.3 Base
Oracle CorporationSolaris 11.2 Base
Red Hat, Inc.Red Hat Enterprise Linux Server AUS 6.5 x86_64
Red Hat, Inc.Red Hat Enterprise Linux Desktop 6 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux HPC Node 6 x86_64
Red Hat, Inc.Red Hat Enterprise Linux Server 6 IA-32, PPC, PPC 64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Server EUS 6.5.z IA-32, PPC, PPC64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Workstation 6 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Virtualization 3.0 x86_64 | 3.2 x86_64 | 3.3 Base, x86_64
Red Hat, Inc.Red Hat Storage Server 2.1 x86_64
Siemens CorpAPE 2.0 Base
Siemens CorpCP 1543-1 1.1 Base
Siemens CorpeLAN 8.2 Base | 8.3 .0, .1, .2
Siemens CorpSIMATIC S7-1500 Firmware 1 .5
Siemens CorpWinCC OA 3.12 Base
Tableau SoftwareTableau Server 8.0 .6, .7, .8, .9 | 8.1 .0, .1, .2, .3, .4, .5
Unified AutomationANSI C based OPC UA SDK for Windows 1.4.0 Base
Unified AutomationC++ based OPC UA SDK for Windows 1.4.0 Base
VMware, Inc.NSX-MH 4.0 Base
VMware, Inc.NSX-V 6.0 Base
VMware, Inc.NVP 3.0 Base
VMware, Inc.VMware vCenter Converter (P2V) 5.5 Base
VMware, Inc.vCenter Server 5.5 Base
VMware, Inc.vCloud Automation Center (vCAC) 5.1 Base | 5.2 Base
VMware, Inc.vCloud Networking and Security (vCNS) 5.1 .3 | 5.5 .1
VMware, Inc.vFabric Web Server 5.0 Base | 5.1 Base | 5.2 Base | 5.3 Base
VMware, Inc.VMware ESXi 5.5 Base
VMware, Inc.VMware Fusion 6.0 .0
VMware, Inc.VMware Horizon Mirage 4.4 Base
VMware, Inc.VMware Horizon View 5.2 Feature Pack 2 | 5.3 Feature Pack 1
VMware, Inc.VMware Horizon View Client for Android 2.1 Base | 2.2 Base | 2.3 Base
VMware, Inc.VMware Horizon View Client for iOS 2.1 Base | 2.2 Base | 2.3 Base
VMware, Inc.VMware Horizon View Client for Windows 2.3 Base
VMware, Inc.VMware Horizon Workspace 1.0 Base | 1.5 Base | 1.8 Base
VMware, Inc.VMware Horizon Workspace Client for Macintosh 1.5 .1, .2
VMware, Inc.VMware Horizon Workspace Client for Windows 1.5 .1, .2
VMware, Inc.VMware Horizon Workspace for Macintosh 1.8 Base
VMware, Inc.VMware Horizon Workspace for Windows 1.8 Base
VMware, Inc.OVF Tool 3.5 Base




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield