Preview Tool

Cisco Bug: CSCus42796 - JANUARY 2015 OpenSSL Vulnerabilities

Last Modified

Dec 29, 2016

Products (1)

  • Network Level Service

Known Affected Releases

3.3 3.3.0 3.3.1 3.3.2 3.3.2(HOT2) 3.3.2(HOT3) 3.3.2_Reporting 3.3.3 3.3.4 3.3.5 3.3.5(HOT-1) 3.3.5(HOT-2) 3.3.6 3.3.7 3.3.8 3.3.9 3.4 3.4.1 3.4.3 3.5 3.8 3.9 4.0 4.0.1 4.0.2 4.0.3 4.0.4 4.0.5 4.0.6 4.1 4.1.1 4.1.2 4.1.3 4.1.4

Description (partial)

This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

Version OEL 5.9 is affected by the following CVE IDs:

CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570

Version OEL 6.4 is affected by the following CVE IDs:

CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570

This bug has been opened to address the potential impact on this product.

Exposure is not configuration dependent.

This product includes a vulnerable version of OpenSSL, and this bug is being used to update the OpenSSL package used on the product.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.