Cisco Bug: CSCup22627 - Multiple Vulnerabilities in OpenSSL - June 2014
Last Modified
Dec 10, 2018
Products (8)
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager IM and Presence Service Version 10.5
- Cisco Unified Communications Manager IM and Presence Service Version 9.1
- Cisco Unified Communications Manager IM and Presence Service Version 9.0
- Cisco Unified Presence Version 8.5
- Cisco Unified Communications Manager IM and Presence Service Version 10.0
- Cisco Unified Presence Version 8.6
- Cisco Unified Presence Version 8.0
Known Affected Releases
10.0(1) 10.5(1) 8.0(1) 8.0(2) 8.0(3) 8.0(4) 8.5(1) 8.5(2) 8.5(3) 8.6(1) 8.6(2) 8.6(3) 8.6(4) 8.6(5) 9.0(1) 9.1(1)
Description (partial)
Symptom: The following Cisco products
- CUCM IM and Presence Service 10.5(1)
- CUCM IM and Presence Service 10.0(1) including all SU releases, up to SU1

include a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:
- CVE-2014-0224 - SSL/TLS MITM vulnerability
- CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
- CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
- CVE-2014-3470 - Anonymous ECDH denial of service
- CVE-2014-0076 - ECDSA NONCE Side-Channel Recovery Attack

These other Cisco products
- CUCM IM and Presence Service 9.1(1) including all SU releases, up to SU3
- CUCM IM and Presence Service 9.0(1)
- Cisco Unified Presence 8.6 including all SU releases
- Cisco Unified Presence 8.5 including all SU releases
- Cisco Unified Presence 8.0 including all SU releases

include a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:
- CVE-2014-0224 - SSL/TLS MITM vulnerability
- CVE-2014-3470 - Anonymous ECDH denial of service
- CVE-2014-0076 - ECDSA NONCE Side-Channel Recovery Attack

This bug has been opened to address the potential impact on this product.

Conditions: Devices with default configuration. The following services are affected:
- Cisco SIP Proxy
- Cisco Presence Engine
- Cisco XCP Web Connection Manager
- Cisco XCP Connection Manager
- Cisco XCP XMPP Federation Connection Manager
- Cisco XCP Directory Service
- Cisco XCP Router
- Cisco XCP Text Conference Manager
- Cisco XCP Message Archiver

Note: The Cisco XCP Text Conference Manager and Cisco XCP Message Archiver services are only affected in the following product versions, as all previous versions do not support TLS for these services:
- CUCM IM and Presence Service 10.5(1)