Cisco Bug: CSCut46139 - MARCH 2015 OpenSSL Vulnerabilities

Last Modified

Jan 31, 2017

Products (1)

  • Cisco Unified Attendant Consoles

Known Affected Releases

10.0(1) 10.5 10.5(2) 8.6 9.0 9.1

Description (partial)

Symptom:
Cisco Unified Attendant Console Advanced includes a version of OpenSSL that may be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2015-0291 - OpenSSL 1.0.2 ClientHello sigalgs DoS
CVE-2015-0290 - Multiblock corrupted pointer
CVE-2015-0207 - Segmentation fault in DTLSv1_listen
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0208 - Segmentation fault for invalid PSS parameters
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
CVE-2015-1787 - Empty CKE with client auth and DHE
CVE-2015-0285 - Handshake with unseeded PRNG
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref

This bug has been opened to address the potential impact on this product.

Conditions:
AXL communication with the default configuration in the following components of the product:

  • Attendant LDAP Plug-in
  • CTI Server
  • Attendant Admin

Versions that do not include the latest update or have not applied the available patch.

Please contact Cisco TAC to obtain the patch and instructions on installation.

Versions affected by this vulnerability are:

  • Cisco Unified Attendant Console (all editions) 8.6.2.20
  • Cisco Unified Attendant Console (all editions) 9.0.1.10
  • Cisco Unified Attendant Console (all editions) 9.0.1.20
  • Cisco Unified Attendant Console (all editions) 9.1.1.10
  • Cisco Unified Attendant Console (all editions) 9.1.1.20
  • Cisco Unified Attendant Console Advanced 10.5.1.10
  • Cisco Unified Attendant Console Advanced 10.5.2.10