Guest

Preview Tool

Cisco Bug: CSCup22598 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Jan 30, 2016

Products (6)

  • Cisco IP Phone 8800 Series
  • Cisco Unified IP Phone 6961
  • Cisco Unified IP Phone 6941
  • Cisco Unified IP Phone 8941
  • Cisco Unified IP Phone 8945
  • Cisco Unified IP Phone 6921

Known Affected Releases

9.4(1)SR1

Description (partial)

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 10/9.5:

https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. 

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Symptom:
The following Cisco products:
Cisco IP phones 8941 and 8945

CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service

- The product uses OpenSSL 0.9.8k.
- This bug has been opened to address CVE-2014-0224, CVE-2014-0195 and CVE-2014-0221 with the OpenSSL 0.9.8k. The separeate CDET or CSCup94071 has been opened to address CVE-2014-0224, CVE-2014-0195 and CVE-0221 separately.
- CVE-2010-5298, CVE-2014-0076, CVE-2014-0198 and CVE-2014-3470 are not applicatble to this product.

Conditions:
CVE-2014-0224 affects
-  SCCP/SIP signaling with CUCM 10.0 and later without fix
-  CAPF (certificate enrollment) with CUCM 10.0 and later without fix
-  TVS with CUCM 10.0 and later without fix
-  IP services (Corporate directory, EM/EMCC etc.) with CUCM 10.0 and later without fix
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.