Guest

Preview Tool

Cisco Bug: CSCup39003 - Multiple Vulnerabilities in OpenSSL - June 2014

Last Modified

Dec 19, 2019

Products (11)

  • Cisco Small Business SPA500 Series IP Phones
  • Cisco SPA301 1 Line IP Phone
  • Cisco SPA512G 1-Line GigE IP Phone
  • Cisco SPA514G 4-Line GigE IP Phone
  • Cisco SPA504G 4-Line IP Phone
  • Cisco SPA501G 8-Line IP Phone
  • Cisco SPA508G 8-Line IP Phone
  • Cisco SPA502G 1-Line IP Phone
  • Cisco SPA303 3 Line IP Phone
  • Cisco SPA509G 12-Line IP Phone
View all products in Bug Search Tool Login Required

Known Affected Releases

7.5.5 7.5.5b 7.5.6

Description (partial)

Symptom:
The following Cisco products

- SPA301 IP Phone
- SPA303  IP Phone
- SPA501G  IP Phone
- SPA502G  IP Phone
- SPA504G  IP Phone
- SPA508G  IP Phone
- SPA509G  IP Phone
- SPA512G  IP Phone
- SPA514G  IP Phone

include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-0224 - SSL/TLS MITM vulnerability

This bug has been opened to address the potential impact on this product.

Conditions:
Device using HTTPS to do resync, upgrading, TR-069 Auto-Configuraiton.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.