Cisco Bug: CSCuq34946 - Multiple Vulnerabilities in OpenSSL - August 2014

Last Modified

Dec 15, 2019

Products (15)

  • Cisco TelePresence MCU 4500 Series
  • Cisco TelePresence MCU 4520
  • Cisco TelePresence MCU 4505
  • Cisco TelePresence MCU 4510
  • Cisco TelePresence MCU 5320
  • Cisco TelePresence MCU 4205
  • Cisco TelePresence MCU 4215
  • Cisco TelePresence MCU 4220
  • Cisco TelePresence MCU MSE 8420
  • Cisco TelePresence MCU MSE 8510

Known Affected Releases

4.0(1.18) 4.0(1.44) 4.0(1.49) 4.0(1.54) 4.0(1.57) 4.1(1.51) 4.1(1.59) 4.2(1.43) 4.2(1.46) 4.2(1.50) 4.3(1.68) 4.3(2.17) 4.3(2.18) 4.3(2.30) 4.3(2.32) 4.4(3.30) 4.4(3.33) 4.4(3.42) 4.4(3.49) 4.4(3.54) 4.4(3.57) 4.4(3.67) 4.5(1.45)

Description (partial)

Symptoms:
This product includes a version of OpenSSL that could be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

 * Information leak in pretty printing functions (CVE-2014-3508)
 * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
 * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
 * Double Free when processing DTLS packets (CVE-2014-3505)
 * DTLS memory exhaustion (CVE-2014-3506)
 * DTLS memory leak from zero-length fragments (CVE-2014-3507)
 * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
 * OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
 * SRP buffer overrun (CVE-2014-3512)

This bug has been opened to investigate and address the potential impact on this product.

Conditions:
Device with default configuration.