TLS and its predecessor, SSL, are cryptographic protocols that provide
security for communications over IP data networks such as the Internet. An
industry-wide vulnerability exists in the TLS protocol that could impact any
Cisco product that uses any version of TLS and SSL. The vulnerability exists in
how the protocol handles session renegotiation and exposes users to a potential
The following Cisco Bug IDs are being used to track potential exposure
to the SSL and TLS issues. The bugs listed below do not confirm that a product
is vulnerable, but rather that the product is under investigation by the
appropriate product teams.
This vulnerability has been assigned the Common Vulnerabilities and
Exposures (CVE) identifier CVE-2009-3555.