Your browser either does not support JavaScript or you have turned JavaScript off. Protect Your Network from the SSL v3.0 "POODLE" Vulnerability | ZyXEL

Protect Your Network from the SSL v3.0 "POODLE" Vulnerability

Protect Your Network from the SSL v3.0 “POODLE” Vulnerability)

A new vulnerability announced in October and identified in advisory CVE-2014-3566, involves the Secure Sockets Layer version 3 (SSL v3.0) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. ZyXEL Communications is aware of this POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability and offers solutions, as well as a diverse range of Security products, to help protect your network from this threat.

SSL is a frequently utilized transport mechanism for many software components. This POODLE vulnerability presents a weakness in the SSL v3.0 protocol that allows an attacker in a MitM (Man-in-the-Middle) context, to decipher the plain text content of an SSL v3.0 encrypted message.

Most likely to be affected by this threat are web browsers, mail servers, VPN servers, and web servers. As this is a critical vulnerability that can be exploited and can result in significant data theft, ZyXEL strongly recommends that you take appropriate actions, as described below, to secure your network from any potential security holes in applications using version 3 of the SSL protocol.

For more advisory information, please refer to the following link:
https://access.redhat.com/articles/1232123

 

 

Solution

To address the issue, on the 30th of October 2014 ZyXEL has released new IDP signatures, versions 3.0.3.111 and 3.1.4.111, for its Next-Gen USG Series gateways and ZyWALL Series VPN firewalls. The IDP signatures will enable devices to activate the following protection and guard networks against the POODLE vulnerability by blocking all types of access using the SSL v3.0 protocol.


1130118  SSL OpenSSL SSLv3 POODLE Padding Brute Force (CVE-2014-3566)


In the meantime, it is recommended that our customers immediately take steps to disable SSL v3.0 support for applications on both servers and clients. Many applications that use better encryption by default, implement SSL v3.0 support as a fallback option. This should be disabled to prevent malicious users from forcing SSL v3.0 communication in cases where both parties allow it as an acceptable method. End-users can follow the steps described in the following links to preven any mishaps.

Additionally, a new firmware patch will be released in the middle of November 2014 that deactivates the SSL v3.0 setting by factory default. This is to avoid data leakage from communication between client and server.

 

ProductsProduct Description
USG 1900 Next-Gen Unified Security Gateway-Extreme Series
USG 1100 Next-Gen Unified Security Gateway-Extreme Series
USG 310 Next-Gen Unified Security Gateway-Advanced Series
USG 210 Next-Gen Unified Security Gateway-Advanced Series
USG 110 Next-Gen Unified Security Gateway-Advanced Series
USG 60W Next-Gen Unified Security Gateway-Performance Series
USG 60 Next-Gen Unified Security Gateway-Performance Series
USG 40W Next-Gen Unified Security Gateway-Performance Series
USG 40 Next-Gen Unified Security Gateway-Performance Series
ProductsProduct Description
ZyWALL 1100 VPN Firewall
ZyWALL 310 VPN Firewall
ZyWALL 110 VPN Firewall
Global / EN