Cisco Bug: CSCus42833 - JANUARY 2015 OpenSSL Vulnerabilities
Jan 30, 2016
- Cisco TelePresence Advanced Media Gateway Series
- Cisco TelePresence Advanced Media Gateway 3610
Known Affected Releases
Symptom: This product includes a version of OpenSSL that could be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: * ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) * RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) * DH client certificates accepted without verification [Server] (CVE-2015-0205) * Bignum squaring may produce incorrect results (CVE-2014-3570) * Certificate fingerprints can be modified (CVE-2014-8275) * no-ssl3 configuration sets method to NULL (CVE-2014-3569) * DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) * DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) Please see Further Problem Description for more details. Conditions: HTTPS and/or SIP/TLS enabled and in use.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases