CVE-2015-4458 - Smokeproof Elbows

Description

The TLS implementation in the Cavium cryptographic-module firmware as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products does not verify the MAC field which allows man-in-the-middle attackers to spoof TLS content by modifying packets aka Bug ID CSCuu52976.

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39919 http://www.securitytracker.com/id/1032927