Cisco Bug: CSCuq42309 - Multiple Vulnerabilities in OpenSSL - August 2014

Last Modified

Dec 15, 2019

Products (3)

  • Cisco Unified Communications Manager (CallManager)
  • Cisco Intercompany Media Engine
  • Cisco Unified Communications Manager Version 10.0

Known Affected Releases

10.0(1) 10.5(1.10000.6) 10.5(1.10000.7) 9.9(9)ST1.9

Description (partial)

The following Cisco products

Cisco TAPI Service Provider (TSP) 8.6(x)
Cisco TAPI Service Provider (TSP) 9.1(x)
Cisco TAPI Service Provider (TSP) 10.0(x)
Cisco TAPI Service Provider (TSP) 10.5(x)

include a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-3505 - Double Free when processing DTLS packets
CVE-2014-3506 - DTLS memory exhaustion
CVE-2014-3507 - DTLS memory leak from zero-length fragments
CVE-2014-3508 - Information leak in pretty printing functions
CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 - OpenSSL TLS protocol downgrade attack

This bug has been opened to address the potential impact on this product.

running versions prior to the known fixed versions
Bug details contain sensitive information and therefore require an account to be viewed.
