Cradlepoint wireless edge solutions unlock the power of LTE and 5G cellular networks to give your WAN the boundless reach, nonstop reliability, and real-time agility it needs to keep up with your business. Connect fixed and temporary sites, vehicles, field forces, and IoT devices, anywhere. Simply. Securely. Wirelessly.
CPSEC-9: OpenSSL vulnerable to DROWN attack
October 19, 2018
Summary: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products and required a server to send a ServerVerify message before establishing the client possesses certain plaintext RSA data. This action makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a “DROWN” attack. Cradlepoint routers were not affected by this vulnerability (CVE-2016-0800).
Mitigation: Update firmware to version 6.1.0 or newer as part of the normal maintenance schedule.