Cisco Bug: CSCup34257 - OpenSSL vulnerabilities present in CAD/CSD
Dec 15, 2019
- Cisco Unified Contact Center Express
- Cisco Unified Contact Center Express 11.0(1)
- Cisco Unified IP Interactive Voice Response (IVR) 11.0(1)
Known Affected Releases
Symptom:
The following Cisco products:
- Cisco Agent Desktop for Cisco Unified Contact Center Enterprise and Hosted
- Cisco Agent Desktop for Cisco Unified Contact Center Express
include a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:
- CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
- CVE-2014-0224 - SSL/TLS MITM vulnerability
This bug has been opened to address the potential impact on this product.

Conditions:
The following product features may be exposed to the CVEs under the following scenarios:
CAD Clients:
- Agent and Supervisor Desktop may be exposed when using Cisco Unified Presence Chat. The exposure is in the Client to CUP Server communication.
CAD Servers:
- Cisco Desktop VoIP Monitor Service may be exposed when communicating with Cisco Unified Call Manager.
- Cisco Desktop Sync Service may be exposed when communicating with Cisco Unified Call Manager.
- Cisco Desktop Web Administrator Service may be exposed when communicating with Cisco Unified Presence Server.