Cisco Bug: CSCup22603 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 14, 2019

Products (1)

  • Cisco TelePresence TX9000 Series

Known Affected Releases

1.10.6 6.1.3

Description (partial)

Symptom:
The following Cisco products

 TX9000
 TX9200
 TX1310-65
 CTS500-32
 CTS3000
 CTS3010
 CTS3200
 CTS3210
 CTS1000
 CTS1100 
 CTS1300
 CTS500-37

include a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-3470 - Anonymous ECDH denial of service

This bug has been opened to address the potential impact on this product.

Conditions:
Devices are vulnerable in the default configuration.

DTLS is used to perform key exchange to protect SRTP.

TLS is used to secure the communications channels between codecs and the User Interface Device.

TLS is used to protect the Web Management interface.

TLS is used to protect the communications channels used to transfer scheduling information.

The vulnerable releases by product are:

- TX9000, TX9200, TX1310-65 and CTS500-32: 1.9.x, 6.0.x, 6.1.0, 6.1.2, and 6.1.3

- CTS3000, CTS3010, CTS3200, CTS3210, CTS1000, CTS1100, CTS1300 and CTS500-37: 1.8.x, 1.9.x, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, and 1.10.6