Guest

Preview Tool

Cisco Bug: CSCut46048 - MARCH 2015 OpenSSL Vulnerabilities

Last Modified

Feb 03, 2017

Products (1)

  • Cisco ONS 15454 Series Multiservice Provisioning Platforms

Known Affected Releases

10.01 10.30 9.80 9.81

Description (partial)

Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288

This bug has been opened to address the potential impact on this product.

Conditions:
Cisco ONS 15454 releases 9.80, 9.81, 10.00, 10.01, 10.3 use OpenSSL 1.0.1e version which is vulnerable to the following CVEs as per the features enabled in the release software:
CVE-2015-0204, CVE-2015-0286  CVE-2015-0287  CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-0209 CVE-2015-0288

Other vulnerabilities listed in March 19th 2015 advisory are specific to OpenSSL 1.0.2 versions and Cisco ONS 15454 software does not use OpenSSL 1.0.2. Hence it is not vulnerable to those CVEs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.