Products Affected: Steel-Belted Radius Enterprise, Steel-Belted Radius Global Enterprise, Steel-Belted Radius Carrier Risk Assessment: CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Risk Level: High CVE: CVE-2012-2110
Problem or Goal
OpenSSL software provided with Steel-Belted Radius (SBR) Enterprise and Steel-Belted Radius (SBR) Carrier is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates.
SBR Enterprise, SBR Global Enterprise: Fixed in 6.17 or later
SBR Carrier: Fixes are available for 7.3.1, 7.4.1, 7.5.0 through regular JTAC support channels.
Workarounds: There are no known workarounds that can mitigate the issue listed in this bulletin for SBR products.