Cisco Bug: CSCur30182 - Multiple vulnerabilities in OpenSSL - 15 October 2014

Last Modified

Dec 13, 2019

Products (15)

Cisco TelePresence MCU 4500 Series
Cisco TelePresence MCU 4520
Cisco TelePresence MCU 4505
Cisco TelePresence MCU 4510
Cisco TelePresence MCU 5320
Cisco TelePresence MCU 4205
Cisco TelePresence MCU 4215
Cisco TelePresence MCU 4220
Cisco TelePresence MCU MSE 8420
Cisco TelePresence MCU 4203

View all products in Bug Search Tool Login Required

Known Affected Releases

4.0(1.44) 4.0(1.49) 4.0(1.54) 4.1(1.51) 4.1(1.59) 4.2(1.43) 4.2(1.46) 4.2(1.50) 4.3(1.68) 4.3(2.17) 4.3(2.18) 4.3(2.30) 4.3(2.32) 4.4(3.42) 4.4(3.49) 4.4(3.54) 4.4(3.57) 4.4(3.67) 4.5 4.5(1.45)

Description (partial)

Symptom:
Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3513, CVE-2014-3567, CVE-2014-3568

This bug has been opened to address the potential impact on this product.

Conditions:Exposure is not configuration dependent.

Vulnerable to
 - Session Ticket Memory Leak (CVE-2014-3567).
 
 NOT vulnerable to
 - SRTP Memory Leak (CVE-2014-3513) as it does not use DTLS
 - Build option no-ssl3 is incomplete (CVE-2014-3568) as the option no-ssl3 is not used.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts