Related Articles

KB30297 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110

KB29217 - [SBR] Patches for Steel-Belted Radius Enterprise and Global Enterprise for OpenSSL Vulnerability

JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

JSA10570 - 2013-05 Network Management, Identity and Policy Control Security Advisories Released

KB29932 - Steel Belted RADIUS replica server fails to start after reboot

KB30076 - Information on Steel-Belted Radius (SBR) licensing

KB40219 - Steel Belted Radius (SBR) Version 6.2x License retreival process for customers with an active support contract

KB40660 - [SBR] - Troubleshooting the Steel-Belted Radius Administrator Console

KB17447 - Can I use my Steel Belted Radius Enterprise Edition license key for a Primary and a Replica Server?

KB17473 - Information on Steel-Belted Radius (SBR) licensing

< Back to search results

Article

JSA10569 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110

« Go Back

Information

Product Affected	Steel-Belted Radius Enterprise, Steel-Belted Radius Global Enterprise

Problem

OpenSSL software provided with Steel-Belted Radius (SBR) Enterprise is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates.

Solution

SBR Enterprise, SBR Global Enterprise: Fixed in 6.17 or later

Workaround

There are no known workarounds that can mitigate the issue listed in this bulletin for SBR products.

Implementation

Related Links

CVSS Score	7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Risk Assessment

Acknowledgements

Alert Type

Risk Level	High

Attachment 1

Attachment 2

Legacy ID	PSN-2013-05-941, JSA10569