Guest

Preview Tool

Cisco Bug: CSCup22534 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 13, 2019

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.1(0.908) 1.2(0.899) 1.3(0.533) 1.3(101.300) 2.1(0.476) 2.2(0.245)

Description (partial)

Symptom:
The following Cisco products

Cisco Identity Services Engine (ISE) 

version 1.2.1.198 and earlier 
version 1.2.0.899 patch 10 and earlier
version 1.1.4 all patch levels
version 1.1.3 all patch levels
version 1.1.2 all patch levels
version 1.1.1 all patch levels
version 1.0 all patch levels

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Conditions:
Deployments that use LDAP over SSL as an authentication source or use Syslog over TLS to send events from ISE to a remote syslog server are potentially vulnerable to CVE-2014-0224.

Related Community Discussions

Cisco Identity Service Engine (ISE) (<key>CSCup22534</key>)--bug information
  I can see this bug information, can you please help?     Cisco Identity Service Engine (ISE) (<key>CSCup22534</key>)
Latest activity: Mar 10, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.