Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
283
Views
0
Helpful
1
Replies

2.0(8d) vulnerable ?

atrepani
Level 1
Level 1

‎10-24-2016 12:28 PM - edited ‎03-20-2019 09:07 PM

Hi,

Can somebody can help me to clarify that ?  In this https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb48579,

they write "Known Affected Releases:  2.0(13e)",

if I am running a earlier version 2.0(8d), do I am vulnerable ?

Labels:
0 Helpful
1 Reply 1

Palani Mohan
Cisco Employee
Cisco Employee

‎10-27-2016 09:34 AM

Hi there

The short answer is that older versions 2.0(8d) are vulnerable. The problem relates to OpenSSL version. To check what version you have, Telnet to port 80 and the interaction will terminate but, the response will include the OpenSSL version in use.

The OpenSSL advisory shows a total of 16 vulnerabilities have been identified. Five of them are specific to OpenSSL 1.1.0. These (five) do not affect UCS because Cisco is not yet using 1.1.0.

Fix for Cisco UCS will be released on 30th Nov/2016. This release will be 3.0.0.

Kind regards ... Palani

0 Helpful
Customers Also Viewed These Support Documents