Guest

Preview Tool

Cisco Bug: CSCus42702 - JANUARY 2015 OpenSSL Vulnerabilities

Last Modified

Oct 13, 2016

Products (3)

  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco TelePresence Video Communication Server Model
  • Cisco Expressway

Known Affected Releases

X8.1.x X8.2.x X8.5

Description (partial)


Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3571

This bug has been opened to address the potential impact on this product.


Conditions:
Enable Mobile and Remote Access, VCS Control (or Expressway Core) become client toward to VCS Expressway (or Expressway Edge) to open secure connection.

Also configured secure traversal link as traversal client toward to traversal server, VCS/Expressway become client for negotiate the secure session.

Configure policy service or/and TMS management including provisioning service, VCS/Expressway become client for negotiate the secure session when integration enable secure session.

Also initiating the SIP TLS call to external SIP UA (on behave of registered SIP UAs), VCS/Expressway become client for negotiate the secure session.

This product includes a vulnerable version of OpenSSL, and this bug is being used to update the OpenSSL package used on the product.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.