Knowledge Search


×
 

2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110

  [KB27376] Show Article Properties


Summary:
Products Affected: Steel-Belted Radius Enterprise, Steel-Belted Radius Global Enterprise, Steel-Belted Radius Carrier
Risk Assessment: CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Risk Level: High
CVE: CVE-2012-2110
Symptoms:
 OpenSSL software provided with Steel-Belted Radius (SBR) Enterprise and Steel-Belted Radius (SBR) Carrier is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates.
Cause:

Solution:
  • SBR Enterprise, SBR Global Enterprise: Fixed in 6.17 or later
  • SBR Carrier: Fixes are available for 7.3.1, 7.4.1, 7.5.0 through regular JTAC support channels.

Workarounds:
There are no known workarounds that can mitigate the issue listed in this bulletin for SBR products.
Related Links: