Cisco Bug: CSCus42702 - JANUARY 2015 OpenSSL Vulnerabilities
Oct 13, 2016
- Cisco TelePresence Video Communication Server (VCS)
- Cisco TelePresence Video Communication Server Model
- Cisco Expressway
Known Affected Releases
X8.1.x X8.2.x X8.5
Symptom: This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-3571 This bug has been opened to address the potential impact on this product. Conditions: Enable Mobile and Remote Access, VCS Control (or Expressway Core) become client toward to VCS Expressway (or Expressway Edge) to open secure connection. Also configured secure traversal link as traversal client toward to traversal server, VCS/Expressway become client for negotiate the secure session. Configure policy service or/and TMS management including provisioning service, VCS/Expressway become client for negotiate the secure session when integration enable secure session. Also initiating the SIP TLS call to external SIP UA (on behave of registered SIP UAs), VCS/Expressway become client for negotiate the secure session. This product includes a vulnerable version of OpenSSL, and this bug is being used to update the OpenSSL package used on the product.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases