Cisco Bug: CSCuo21298 - CUPS is vulnerable to CVE-2014-0160 - aka Heartbleed
Dec 10, 2018
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager IM and Presence Service Version 10.5
- Cisco Unified Communications Manager IM and Presence Service Version 10.0
Known Affected Releases
Symptom: Cisco Unified Presence Server (CUPS) includes a version of openssl that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160. This bug has been opened to address the potential impact on this product. Conditions: Device with default configuration and running version 10.0.1. The following services are affected by this vulnerability: Cisco SIP Proxy Cisco Presence Engine Cisco XCP Web Connection Manager Cisco XCP Connection Manager Cisco XCP XMPP Federation Connection Manager Cisco XCP Directory Service Cisco XCP Router Releases prior to 10.0.1 are not affected by this vulnerability. Release 10.0.1 is affected by this vulnerability. Release 10.0.1 SU1 and later on the 10.0 stream include the fix for this vulnerability. Release 10.5 contains the fix for this vulnerability.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases