Guest

Preview Tool

Cisco Bug: CSCuo21298 - CUPS is vulnerable to CVE-2014-0160 - aka Heartbleed

Last Modified

Dec 10, 2018

Products (3)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 10.5
  • Cisco Unified Communications Manager IM and Presence Service Version 10.0

Known Affected Releases

10.0(1) 10.5(1)

Description (partial)

Symptom:
Cisco Unified Presence Server (CUPS) includes a version of openssl that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160.

This bug has been opened to address the potential impact on this product.

Conditions:
Device with default configuration and running version 10.0.1. The following services are affected by this vulnerability:

Cisco SIP Proxy
Cisco Presence Engine
Cisco XCP Web Connection Manager
Cisco XCP Connection Manager
Cisco XCP XMPP Federation Connection Manager
Cisco XCP Directory Service
Cisco XCP Router

Releases prior to 10.0.1 are not affected by this vulnerability. Release 10.0.1 is affected by this vulnerability. Release 10.0.1 SU1 and later on the 10.0 stream include the fix for this vulnerability.
Release 10.5 contains the fix for this vulnerability.

Related Community Discussions

Cisco TelePresence products vulnerable to CVE-2014-0160 -aka Heartbleed
https://tools.cisco.com/bugsearch/bug/CSCuo26378   So when I have EX90 with version TC6.3.0.3d8e7d1 everything is OK or should I upgrade it to TC6.3.1
Latest activity: Apr 23, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.