Cisco Bug: CSCup24189 - Multiple Vulnerabilities in OpenSSL - June 2014
Dec 13, 2019
- Cisco Agent Desktop
Known Affected Releases
10.0(1) 10.0(2) 10.5(1) 9.0(1) 9.0(2) 9.0(3)
Symptom: The following Cisco products: Cisco Agent Desktop for Cisco Unified Contact Center Enterprise and Hosted Cisco Agent Desktop for Cisco Unified Contact Center Express include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" CVE-2014-0224 - SSL/TLS MITM vulnerability This bug has been opened to address the potential impact on this product. Conditions: The following product features may be exposed to the CVEs under the following scenarios: CAD Clients: - Agent and Supervisor Desktop may be exposed when using Cisco Unified Presence Chat. The exposure is in the Client to CUP Server communication. CAD Servers: - Cisco Desktop VoIP Monitor Service may be exposed when communicating with Cisco Unified Call Manager. - Cisco Desktop Sync Service may be exposed when communicating with Cisco Unified Call Manager. - Cisco Desktop Web Administrator Service may be exposed when communicating with Cisco Unified Presence Server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases