#CVE-2015-3195 Subscribe to Security Advisories

Thursday, December 3, 2015

On December 3rd, 2015, OpenSSL release a security advisory[1] with a number of security vulnerabilities across multiple version of OpenSSL. Out of those ACOS is only affected by CVE-2015-3195[2] and this advisory addresses the impact from it.


If a specially crafted certificate is uploaded to ACOS device it is theoretically possible to trigger a bug in the way X.509 date is handled, which may result in a memory leak.

In order to upload certificates to the device the user already needs to have higher level of privilege which overall implies they would have access to the data leaked regardless of the use of this bug.

Workarounds and Mitigations 


Software Updates 

Software updates resolving this potential vulnerability will be published at the following URL when available: click here

Since this is a minor vulnerability, the patch will be included in the next scheduled software release.

Vulnerability Details

Affected Platforms: ADC, CGN, TPS
Affected Software Versions: 4.0.x, 3.1.x, 2.7.x, 2.8.x

Modification History 
April 18, 2018

Created web page

Download PDF