Knowledge Search


2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110

  [KB27376] Show Article Properties

Products Affected: Steel-Belted Radius Enterprise, Steel-Belted Radius Global Enterprise, Steel-Belted Radius Carrier
Risk Assessment: CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Risk Level: High
CVE: CVE-2012-2110
 OpenSSL software provided with Steel-Belted Radius (SBR) Enterprise and Steel-Belted Radius (SBR) Carrier is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates.

  • SBR Enterprise, SBR Global Enterprise: Fixed in 6.17 or later
  • SBR Carrier: Fixes are available for 7.3.1, 7.4.1, 7.5.0 through regular JTAC support channels.

There are no known workarounds that can mitigate the issue listed in this bulletin for SBR products.
Related Links: