Guest

Preview Tool

Cisco Bug: CSCup22587 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

May 22, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.0(250.0) 7.3(112.0) 7.4(110.0) 7.4(120.0) 7.5(102.0) 7.6(120.0)

Description (partial)


Symptom:
The following Cisco products:

Wireless Lan Controllers: 5500, 2500, Wism1, Wism2, 7500, 8500, 2100, NM-WLC, 4400

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-3470 - Anonymous ECDH denial of service
CVE-2014-0221 - DTLS recursion flaw 
CVE-2014-0195 - DTLS invalid fragment vulnerability

This bug has been opened to address the potential impact on this product.


Conditions:
Devices with default configuration.

Affected Releases
All 4.x, 5.x, 6.x, 7.0.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x

Related Community Discussions

OpenSSL vulnerabilities in WLC 7.4.110.0
Hi, version 7.4.11.0 is vulnerable to the following CVE IDs: CVE-2014-0224 CVE-2014-0221 CVE-2014-0195 CVE-2014-0198 CVE-2010-5298 CVE-2014-3470 CVE-2014-0076   Is there a patch, that could fix it?   Thanks!  
Latest activity: Aug 05, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.