Cisco Bug: CSCup23994 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

May 05, 2020

Products (15)

  • Cisco TelePresence MCU 4500 Series
  • Cisco TelePresence MCU 4520
  • Cisco TelePresence MCU 4505
  • Cisco TelePresence MCU 5320
  • Cisco TelePresence MCU 4510
  • Cisco TelePresence MCU 4205
  • Cisco TelePresence MCU 4215
  • Cisco TelePresence MCU 4220
  • Cisco TelePresence MCU MSE 8420
  • Cisco TelePresence MCU 4203

Known Affected Releases

4.0(1.18) 4.0(1.44) 4.0(1.49) 4.0(1.54) 4.1(1.51) 4.1(1.59) 4.2(1.43) 4.2(1.46) 4.2(1.50) 4.3(1.68) 4.3(2.17) 4.3(2.18) 4.3(2.30) 4.3(2.32) 4.4(3.42) 4.4(3.49) 4.4(3.54) 4.4(3.57) 4.4(3.67) 4.5(1.45)

Description (partial)

Symptom:
The following Cisco products

Cisco TelePresence MCU 4200 series (includes models: 4203, 4205, 4210, 4215, 4220)
Cisco TelePresence MCU 4500 series (includes models: 4501, 4505, 4510, 4515, 4520)
Cisco TelePresence MCU 5300 series (includes models: 5310 and 5320)
Cisco TelePresence MCU MSE 8420
Cisco TelePresence MCU MSE 8510

include a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service
CVE-2014-0076 - Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack

This bug has been opened to address the potential impact on this product.

Conditions:
- HTTPS and/or SIP/TLS is in use. 
- For CVE-2014-3470 to apply, certificate verification for outbound connections must not have been enabled.
- CVE-2014-0076 only applies to the 8510 and 5300 series. Other platforms are not vulnerable to this particular vulnerability.