Cisco Bug: CSCur30182 - Multiple vulnerabilities in OpenSSL - 15 October 2014
Last Modified
Dec 13, 2019
Products (15)
- Cisco TelePresence MCU 4500 Series
- Cisco TelePresence MCU 4520
- Cisco TelePresence MCU 4505
- Cisco TelePresence MCU 4510
- Cisco TelePresence MCU 5320
- Cisco TelePresence MCU 4205
- Cisco TelePresence MCU 4215
- Cisco TelePresence MCU 4220
- Cisco TelePresence MCU MSE 8420
- Cisco TelePresence MCU 4203

Known Affected Releases
4.0(1.44) 4.0(1.49) 4.0(1.54) 4.1(1.51) 4.1(1.59) 4.2(1.43) 4.2(1.46) 4.2(1.50) 4.3(1.68) 4.3(2.17) 4.3(2.18) 4.3(2.30) 4.3(2.32) 4.4(3.42) 4.4(3.49) 4.4(3.54) 4.4(3.57) 4.4(3.67) 4.5 4.5(1.45)
Description (partial)
Symptom: Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568 This bug has been opened to address the potential impact on this product. Conditions:Exposure is not configuration dependent. Vulnerable to - Session Ticket Memory Leak (CVE-2014-3567). NOT vulnerable to - SRTP Memory Leak (CVE-2014-3513) as it does not use DTLS - Build option no-ssl3 is incomplete (CVE-2014-3568) as the option no-ssl3 is not used.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases