CVE-2014-8176 Cisco ASA OpenSSL Multiple Vulnerabilities (cisco-sa-20150612-openssl)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities.

Cisco ASA is exposed to following vulnerabilities:
- Cisco ASA incorporate a version of the OpenSSL package that incorrectly handled missing content when parsing ASN
- Cisco ASA incorporate a version of the OpenSSL package that incorrectly handled NewSessionTicket when being used by a multi-threaded client.

Successful exploitation could allow an unauthenticated, remote attacker to cause a denial of service condition or corrupt portions of OpenSSL process memory.

Refer to Cisco ASA advisory cisco-sa-20150612-openssl for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20150612-openssl: Cisco ASA (OpenSSL)