Cisco responds to OpenSSL security flaw

Cisco Systems issues response to vulnerabilities in open-source security software OpenSSL.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto

Cisco Systems on Friday issued a security advisory regarding the use of open-source security software OpenSSL on several of its products. Cisco's advisory follows one issued in October by the OpenSSL Project, which noted that the vulnerabilities could lead to a malicious attacker launching remote code against users' systems.

OpenSSL is an open-source version of secure sockets layer, or SSL, encryption that is used by a number of Web browsers to secure data transmission over the Internet. Cisco's advisory noted that six of its product categories can be affected by the flaws: ASA 5500 and Cisco Pix running 7.x software; CiscoWorks Common Services versions 3.0 and 2.2; Cisco Mainframe Channel Connection PA-4C-E, PA-IC-E, PA-IC-P, CX-CIP2 tn3270 server; Cisco Global Site Selector 4480, 4490 and 4491; Cisco Wireless Control System Software and CiscoIOS-XR.