Guest

Preview Tool

Cisco Bug: CSCup38998 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 19, 2019

Products (1)

  • Cisco Small Business IP Phones

Known Affected Releases

7.5.5 7.5.5b 7.5.6

Description (partial)

Symptom:
The following Cisco products

- SPA525G IP Phone
- SPA525G2 IP Phone

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Conditions:
Device using HTTPS to do resync, upgrading, TR-069 Auto-Configuration.

Related Community Discussions

SPA525G2 - Future Plans - EOL?
The SPA525G2 phone is over 4 years old now - and while it's still a pretty decent phone (it is still the top of the line Small Business phone) I've started to wonder what Cisco's strategy is in this segment and how much longer we can expect to see this phone being sold as new. 1.  Firmware updates for the handset seem to have largely dried up.  7.5.6 was released in May, 7.5.5 June 2013, 7.5.4 was Dec 2012.  Two minor point releases in almost two years indicates to me that there isn't a lot of bug ...
Latest activity: Nov 24, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.