Cisco Bug: CSCup22514 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 19, 2019

Products (2)

  • Cisco Webex Desk Series
  • Cisco DX650

Known Affected Releases

10.0(1) 10.0(2) 10.1(1) 10.1(2)

Description (partial)

Symptom:
The following Cisco products

Cisco IP Phone model DX650, firmware versions 10.0(1), 10.0(2), 10.0(2)SR, 10.0(2)MR, 10.1(1) and 10.1(2)

include a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability

The base firmware of the product is not impacted by the following CVEs:

CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-3470 - Anonymous ECDH denial of service

These products use OpenSSL versions 1.0.0e, 1.0.1e, 1.0.1c and 0.9.8.

This bug has been opened to address the above CVEs in the OpenSSL versions used as the Android platform's default OpenSSL library.

Conditions:
CVE-2014-0224
---------------------
The following phone functions act as an SSL/TLS client and are impacted by this vulnerability with CUCM 10.0 and later (without the fix):
- Authenticated and encrypted SIP signaling/registration/calls, configured using the phone security profile on CUCM.
- CAPF operations for LSC certificate/private key generation, configured using the CUCM device page.
- TVS service, used for (a) authenticating server certificates (for CUCM services) and (b) validating signed phone configuration.

Non-Cisco Android Applications may perform functions of SSL/TLS client as well as server.

CVE-2014-0198, CVE-2010-5298
--------------------------------------------
The DX series phone base firmware is not impacted by these vulnerabilities. Non-Cisco Android applications installed later may act as an SSL/TLS client as well as a server with SSL_MODE_RELEASE_BUFFERS set.

CVE-2014-0221, CVE-2014-0195, CVE-2014-0076
--------------------------------------------------------------------
Cisco AnyConnect VPN uses the DTLS protocol. AnyConnect VPN uses a different instance of the OpenSSL library, which is addressed by defects CSCup22547 and CSCul14113.

Non-Cisco Android Applications may use DTLS protocol.

CVE-2014-3470
----------------------
The DX series phone base firmware is not impacted by this vulnerability. Non-Cisco Android applications installed on the platform later may be exposed to the anonymous ECDH denial of service.
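
A first-pass check for the OpenSSL versions listed above and for libraries bundled with non-Cisco Android applications, added here as an example and not Cisco's or OpenSSL's code. The fixed releases (0.9.8za, 1.0.0m, 1.0.1h) come from the OpenSSL advisory of 5 June 2014, not from this page; `audit_blob`, `SAMPLE` and the other names are hypothetical.

```python
import re

# First release of each branch carrying the fixes in the OpenSSL advisory of
# 5 June 2014 (taken from that advisory, not from the Cisco bug page).
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Version banner that OpenSSL builds embed, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]{0,2}) ")


def patch_rank(letters):
    """Order patch letters '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    # Length first, then alphabetical, so 'za' sorts after 'z'.
    return (len(letters), letters)


def has_june_2014_fixes(branch, letters):
    """True/False for a covered branch, None for a branch not in FIXED."""
    if branch not in FIXED:
        return None
    return patch_rank(letters) >= patch_rank(FIXED[branch])


def audit_blob(data):
    """Map every OpenSSL banner found in raw bytes to its fix status."""
    report = {}
    for m in BANNER.finditer(data):
        branch, letters = m.group(1).decode(), m.group(2).decode()
        report[branch + letters] = has_june_2014_fixes(branch, letters)
    return report


# Constructed sample: bytes as they might appear in a bundled libcrypto.so.
# 1.0.1e and 0.9.8 are versions named on the page; 1.0.1h is added for contrast.
SAMPLE = (b"\x00\x7fELF..OpenSSL 1.0.1e 11 Feb 2013\x00"
          b"..OpenSSL 0.9.8 05 Jul 2005\x00..OpenSSL 1.0.1h 5 Jun 2014\x00")

if __name__ == "__main__":
    for version, fixed in sorted(audit_blob(SAMPLE).items()):
        state = {True: "fixed", False: "needs update", None: "not covered"}[fixed]
        print(f"OpenSSL {version}: {state}")
```

A version banner is only a first pass: platform vendors backport fixes without changing the version string, so a "needs update" result should be confirmed against the vendor's patch level.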