Guest

Preview Tool

Cisco Bug: CSCur30182 - Multiple vulnerabilities in OpenSSL - 15 October 2014

Last Modified

Dec 13, 2019

Products (15)

  • Cisco TelePresence MCU 4500 Series
  • Cisco TelePresence MCU 4520
  • Cisco TelePresence MCU 4505
  • Cisco TelePresence MCU 4510
  • Cisco TelePresence MCU 5320
  • Cisco TelePresence MCU 4205
  • Cisco TelePresence MCU 4215
  • Cisco TelePresence MCU 4220
  • Cisco TelePresence MCU MSE 8420
  • Cisco TelePresence MCU 4203
View all products in Bug Search Tool Login Required

Known Affected Releases

4.0(1.44) 4.0(1.49) 4.0(1.54) 4.1(1.51) 4.1(1.59) 4.2(1.43) 4.2(1.46) 4.2(1.50) 4.3(1.68) 4.3(2.17) 4.3(2.18) 4.3(2.30) 4.3(2.32) 4.4(3.42) 4.4(3.49) 4.4(3.54) 4.4(3.57) 4.4(3.67) 4.5 4.5(1.45)

Description (partial)

Symptom:
Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3513, CVE-2014-3567, CVE-2014-3568

This bug has been opened to address the potential impact on this product.

Conditions:Exposure is not configuration dependent.

Vulnerable to
 - Session Ticket Memory Leak (CVE-2014-3567).
 
 NOT vulnerable to
 - SRTP Memory Leak (CVE-2014-3513) as it does not use DTLS
 - Build option no-ssl3 is incomplete (CVE-2014-3568) as the option no-ssl3 is not used.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.