Guest

Preview Tool

Cisco Bug: CSCuo26378 - Cisco TelePresence products vulnerable to CVE-2014-0160 -aka Heartbleed

Last Modified

Dec 14, 2019

Products (17)

  • Cisco Telepresence Integrator C Series
  • Cisco TelePresence System Profile 65-inch Dual
  • Cisco TelePresence System Profile 52-inch
  • Cisco TelePresence Codec C60
  • Cisco TelePresence System Profile 42-inch
  • Cisco TelePresence System Integrator Package C40
  • Cisco TelePresence Codec C40
  • Cisco TelePresence MX200
  • Cisco TelePresence System Integrator Package C60
  • Cisco TelePresence Codec C90
View all products in Bug Search Tool Login Required

Known Affected Releases

5.0.0 5.0.1 5.0.2 5.1.x 6.0.x 6.1.x 6.2.x 7.0.0 7.0.1 7.0.2 7.1.0

Description (partial)

Symptom:
The following Cisco Telepresence products:

Cisco TelePresence EX Series
Cisco Telepresence Integrator C Series
Cisco TelePresence MX Series
Cisco TelePresence Profile Series
Cisco TelePresence SX Series

include a version of openssl that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160.

This bug has been opened to address the potential impact on this product.
The following areas are impacted by this vulnerability:
SIP and HTTPS client code (vulnerable in case of malicious server)
SIP listening port if configured to listen on SIP port and use SIP over TLS
HTTPS server 
IEEE802.1x client code

Conditions:
Device with default configuration.
The following releases are vulnerable:
TC5.0.2
TC5.1.3
TC5.1.4
TC5.1.5
TC5.1.6
TC5.1.7
TC5.1.8
TC6.0.0
TC6.0.1
TC6.1.0
TC6.1.1
TC6.1.2
TC6.2.0
TC6.2.1
TC6.3.0
TC7.0.2
TC7.1.0

The following releases are not vulnerable:
TC5.1.11
TC6.3.1
TC7.1.1

Related Community Discussions

Cisco TelePresence products vulnerable to CVE-2014-0160 -aka Heartbleed
https://tools.cisco.com/bugsearch/bug/<key>CSCuo26378</key>   So when I have EX90 with version TC6.3.0.3d8e7d1 everything is OK or should I upgrade it to TC6.3.1
Latest activity: Apr 23, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.