Symptom:
The following Cisco products

CUCM IM and Presence Service 10.5(1) 
CUCM IM and Presence Service 10.0(1) including all SU releases, up to SU1

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference 
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-3470 - Anonymous ECDH denial of service
CVE-2014-0076 - EDCS NONCE Side-Channel Recovery Attack

these other Cisco products

CUCM IM and Presence Service 9.1(1) including all SU releases, up to SU3
CUCM IM and Presence Service 9.0(1) 
Cisco Unified Presence  8.6 including all SU releases
Cisco Unified Presence  8.5 including all SU releases
Cisco Unified Presence  8.0 including all SU releases

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service
CVE-2014-0076 - EDCS NONCE Side-Channel Recovery Attack

This bug has been opened to address the potential impact on this product.

Conditions:
Devices with default configuration.

The following services are affected:
Cisco SIP Proxy
Cisco Presence Engine
Cisco XCP Web Connection Manager
Cisco XCP Connection Manager
Cisco XCP XMPP Federation Connection Manager
Cisco XCP Directory Service
Cisco XCP Router
Cisco XCP Text Conference Manager
Cisco XCP Message Archiver

Note:
The Cisco XCP Text Conference Manager and Cisco XCP Message Archiver services are only affect in the following product versions as all previous versions do not support TLS for these services: CUCM IM and Presence Service 10.5(1)