Cisco Bug: CSCut46140 - MARCH 2015 OpenSSL Vulnerabilities
Feb 01, 2017
- Cisco Unified Attendant Consoles
Known Affected Releases
10.0 10.0(1) 10.5 10.5(2) 10.6(1) 10.6(2)
Symptom: Cisco Unified Attendant Console Standard includes a version of OpenSSL that may be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
- CVE-2015-0291 - OpenSSL 1.0.2 ClientHello sigalgs DoS
- CVE-2015-0290 - Multiblock corrupted pointer
- CVE-2015-0207 - Segmentation fault in DTLSv1_listen
- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
- CVE-2015-0208 - Segmentation fault for invalid PSS parameters
- CVE-2015-0287 - ASN.1 structure reuse memory corruption
- CVE-2015-0289 - PKCS7 NULL pointer dereferences
- CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
- CVE-2015-1787 - Empty CKE with client auth and DHE
- CVE-2015-0285 - Handshake with unseeded PRNG
- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
This bug has been opened to address the potential impact on this product.
Conditions: Cisco Unified Attendant Console acts as an SSL client when it connects to the Communication Manager AXL service. The OpenSSL library is used for HTTPS communication between Cisco Unified Attendant Console Standard and the Communication Manager AXL service. This applies to systems running an affected version of Cisco UAC.
A patch is available; please contact Cisco TAC for the file and installation instructions.