Cisco Catalyst 3560-X and 3750-X Switches

Known vulnerabilities detected

Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.

Certificate #1657

Webpage information

Status historical
Historical reason RNG SP800-131A Revision 1 Transition
Validation dates 22.12.2011 , 23.02.2012 , 29.05.2012
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy
Description Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev
Version (Hardware) (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT)
Version (Firmware) 15.0(1)SE2
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, RC4, DES, TDES, Triple-DES, HMAC
Asymmetric Algorithms
DH, Diffie-Hellman
Hash functions
SHA-1, MD5
Schemes
MAC, Key Agreement
Protocols
SSHv2, SSH, TLS, PGP
Randomness
RNG
Block cipher modes
ECB, CBC, GCM

Vendor
Cisco, Cisco Systems, Inc, Cisco Systems

Security level
Level 2, Level 1, level 2, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 140, PKCS #1

File metadata

Title Microsoft Word - cat3k_security_policy.doc
Author wangzhi
Creation date D:20120427095558-04'00'
Modification date D:20120427095558-04'00'
Pages 26
Creator PScript5.dll Version 5.2
Producer Acrobat Distiller 8.0.0 (Windows)

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Related CVEs

ID Links Severity CVSS Score Published on
Base Exploitability Impact
CVE-2005-4258
C N
HIGH 7.8 6.9 15.12.2005

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 1657,
  "dgst": "14c54242e8185b50",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHS#1536",
        "AES#1275",
        "RSA#869",
        "HMAC#1026",
        "AES#1024",
        "AES#1749",
        "RNG#932",
        "Triple-DES#1133"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:h:cisco:catalyst_3750-x:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:cisco:catalyst_3560-x:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:cisco:catalyst_3750:-:*:*:*:*:*:*:*",
        "cpe:2.3:h:cisco:catalyst_3560:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "15.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": {
      "_type": "Set",
      "elements": [
        "CVE-2005-4258"
      ]
    },
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "FF": {
          "DH": {
            "DH": 6,
            "Diffie-Hellman": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "PGP": {
          "PGP": 3
        },
        "SSH": {
          "SSH": 12,
          "SSHv2": 2
        },
        "TLS": {
          "TLS": {
            "TLS": 11
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "#1749": 1,
          "#20": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (Cert. #1749": 1,
          "AES 128": 2,
          "AES 128/256": 1,
          "Certificate AES": 1,
          "HMAC-SHA-1": 4,
          "PKCS #1": 2,
          "SHA-1": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 2": 5,
          "level 1": 1,
          "level 2": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {
        "com": {
          "com": 1
        }
      },
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "RNG": {
          "RNG": 11
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 22,
          "FIPS PUB 140-2": 1
        },
        "PKCS": {
          "PKCS #1": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 8
          },
          "RC": {
            "RC4": 1
          }
        },
        "DES": {
          "3DES": {
            "TDES": 2,
            "Triple-DES": 2
          },
          "DES": {
            "DES": 2
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 3
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 74,
          "Cisco Systems": 8,
          "Cisco Systems, Inc": 27
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "wangzhi",
      "/CreationDate": "D:20120427095558-04\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2",
      "/ModDate": "D:20120427095558-04\u002700\u0027",
      "/Producer": "Acrobat Distiller 8.0.0 (Windows)",
      "/Title": "Microsoft Word - cat3k_security_policy.doc",
      "pdf_file_size_bytes": 285715,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 26
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "de0443d9a20bf63db89cb877d0ec5976c8dbf1e1138ccd758953922930c1f71d",
    "policy_txt_hash": "2d97b3222f036efd388a66918f9194413a8e151ec92851681cab935b95c4f0bb"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertList0012.pdf",
    "date_sunset": null,
    "description": "Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": null,
    "fw_versions": "15.0(1)SE2",
    "historical_reason": "RNG SP800-131A Revision 1 Transition",
    "hw_versions": "(WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT)",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "Cisco Catalyst 3560-X and 3750-X Switches",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2011-12-22",
        "lab": "SAIC-VA",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2012-02-23",
        "lab": "",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2012-05-29",
        "lab": "SAIC-VA",
        "validation_type": "Update"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "http://www.cisco.com"
  }
}