Cisco Bug: CSCut46048 - MARCH 2015 OpenSSL Vulnerabilities
Feb 03, 2017
- Cisco ONS 15454 Series Multiservice Provisioning Platforms
Known Affected Releases
10.01 10.30 9.80 9.81
Symptom: This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288 This bug has been opened to address the potential impact on this product. Conditions: Cisco ONS 15454 releases 9.80, 9.81, 10.00, 10.01, 10.3 use OpenSSL 1.0.1e version which is vulnerable to the following CVEs as per the features enabled in the release software: CVE-2015-0204, CVE-2015-0286 CVE-2015-0287 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-0209 CVE-2015-0288 Other vulnerabilities listed in March 19th 2015 advisory are specific to OpenSSL 1.0.2 versions and Cisco ONS 15454 software does not use OpenSSL 1.0.2. Hence it is not vulnerable to those CVEs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases