Broadcom OpenSSL POODLE Vulnerability Assessment for Brocade User guide

Brand: Broadcom

Model: OpenSSL POODLE Vulnerability Assessment for Brocade

Type: User guide

Broadcom OpenSSL POODLE Vulnerability Assessment for Brocade provides information on OpenSSL vulnerability CVE-2014-3566. This vulnerability affects SSL protocol 3.0 and allows man-in-the-middle attackers to obtain cleartext data via a padding oracle attack. The document includes the current assessment of Brocade products and provides instructions on how to mitigate the vulnerability. The advisory includes information on impacted products, fixed versions, and workarounds.

Brocade Security Advisory ID: BSA-2014-002

Initial Publication Date: March 10, 2015

Revision: 1.7

Revision Date: April 7, 2017

Page 1

Component: OpenSSL

CVSS: 4.3

CVE-2014-3566: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses

nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain

cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Product

Current Assessment

Brocade SDN Controller

Not Impacted

Brocade 5400 vRouter

Impacted – Fixed in 6.7R4.

Brocade 5600 vRouter

Not Impacted

Brocade Fabric OS

Impacted – v6.x through v7.x.

Fixed in 7.2.1d, 7.3.0c, 7.3.1, 6.4.3g, and 6.2.2g.

Brocade Network OS

Not Impacted

Brocade NetIron

Not Impacted

Brocade FastIron

Not Impacted

Brocade BigIron RX

Impacted - Fixed in RX02800g and RX02900d.

ServerIron JetCore

Impacted – 10.2.02 and 11.0.00.

Fixed in 10.2.02h.

Brocade ServerIron ADX

Impacted – 12.3.01, 12.4.0, and 12.5.1.

Fixed in 12.3.01p, 12.4.00s, and 12.5.01f.

Brocade Virtual ADX

Impacted Virtual ADX 3.0.00.

Fixed in Virtual ADX 3.1.01

Brocade Virtual Traffic Manager

(formerly Brocade SteelApp Traffic

Manager (STM))

Impacted - Disable SSL 3.0 in the global settings and all

virtual server and pool configuration files where

ssl_decrypt and ssl_encrypt are enabled. SSL 3.0 is

disabled by default on installations of version 9.9 and

later.

Brocade Services Director (formerly

SteelApp Services Controller (SSC))

Impacted - Upgrade to version 2.0 and later.

Brocade Virtual Web Application

Firewall (formerly Brocade SteelApp

Application Firewall (SAF))

Not Impacted

Brocade Network Advisor

Impacted – 11.0.x to 11.3.x and 12.0.x to 12.2.x.

Fixed in 12.3.4.

Brocade IronView Network

Manager

Migrate to 12.3.4

Brocade Data Center Fabric

Manager

Migrate to 12.3.4

Brocade Security Advisory ID: BSA-2014-002

Initial Publication Date: March 10, 2015

Revision: 1.7

Revision Date: April 7, 2017

Page 2

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL

PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY,

INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR

PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN

RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE’S CURRENT

KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO

BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT

TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Document Revision

Changes

1.0

First release

1.1

Updated NOS status; Removed USD-X which is no longer support;

Updated Brocade IT and NMS response

1.2

Updated information for FOS, SI and ADX

1.3

Updated information for FastIron, NetIron and BigIron RX

1.4

Updated information for vRouter products and document format

1.5

Updated information for 5600 vRouter, FOS, BigIron, Firewall, and BNA

1.6

Updated information for JetCore

1.7

Updated information for FOS, JetCore, ServerIron ADX, and BNA

Broadcom OpenSSL POODLE Vulnerability Assessment for Brocade User guide

Broadcom OpenSSL POODLE Vulnerability Assessment for Brocade User guide

Broadcom OpenSSL POODLE Vulnerability Assessment for Brocade User guide

Related papers

Other documents