
Cisco IOS XE is vulnerable to CVE-2014-0160 - aka Heartbleed CSCuo19730 on Cisco 4500E IOS XE?

kwning
Level 1

Hello Experts,

I need to find out exactly which IOS XE software version on the Catalyst 4507E is affected by Heartbleed.

 

Cisco WS-C4507R+E

WS-X45-SUP7-E

 

Thanks in advance.

3 Replies

skdreams1
Level 1

Please check out the bug ID CSCuo19730

https://tools.cisco.com/bugsearch/bug/CSCuo19730

 
3.11.xS Vulnerable
3.12.xS Vulnerable
 
Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled
 

Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:

transport-map type persistent webui http-webui
secure-server
ip http secure-server
transport type persistent webui input http-webui

Hi,

I have installed IOS XE software 03.03.00 on a WS-C4507R+E with SUP8-E.

If I understand the above bug report correctly, this version is not affected by the Heartbleed vulnerability!

Am I right?

 

Thanks

@apieper, looking at the bug details, it doesn't look like you are affected.

 

 

Conditions:
Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.

Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:

transport-map type persistent webui http-webui
secure-server
ip http secure-server
transport type persistent webui input http-webui

Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.

Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.
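
The conditions quoted from the bug report can be checked against a device's release string and a saved running-config. The Python below is an added example, not part of the thread or of any Cisco tool; it assumes the transport-map name (http-webui on this page) can differ per device, that a zero-padded release such as 03.11.00.S corresponds to 3.11.0S, and that secure-server belongs to the most recently opened WebUI transport-map. The sample configuration is constructed from the lines quoted above.

```python
import re

# Releases listed as affected in the bug conditions quoted in this thread.
AFFECTED_RELEASES = {"3.11.0S", "3.11.1S", "3.12.0S"}

# Constructed sample: the four configuration lines quoted in the thread.
SAMPLE_CONFIG = """\
transport-map type persistent webui http-webui
 secure-server
ip http secure-server
transport type persistent webui input http-webui
"""

def normalize_release(text):
    """Map '03.11.00.S' or '3.11.0S' to '3.11.0S' (padding rule is an assumption)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.?([A-Za-z]*)\s*", text)
    if not m:
        raise ValueError(f"unrecognized release string: {text!r}")
    major, minor, patch, train = m.groups()
    return f"{int(major)}.{int(minor)}.{int(patch)}{train.upper()}"

def webui_https_state(running_config):
    """Return (https_server_enabled, webui_over_https_enabled)."""
    secure_maps, applied_maps = set(), set()
    https_server, current_map = False, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if (m := re.fullmatch(r"transport-map type persistent webui (\S+)", line)):
            current_map = m.group(1)          # opens a WebUI transport-map block
        elif line == "secure-server" and current_map:
            secure_maps.add(current_map)      # this map serves the WebUI over HTTPS
        elif line == "ip http secure-server": # 'no ip http secure-server' does not match
            https_server = True
        elif (m := re.fullmatch(r"transport type persistent webui input (\S+)", line)):
            applied_maps.add(m.group(1))      # map actually bound to the WebUI
    # WebUI over HTTPS needs a map that is both secure and applied.
    return https_server, bool(secure_maps & applied_maps)

def assess(release, running_config):
    """Exposed only if: affected release AND HTTPS server AND WebUI over HTTPS."""
    rel = normalize_release(release)
    https_server, webui_https = webui_https_state(running_config)
    return {"release": rel, "affected_release": rel in AFFECTED_RELEASES,
            "https_server": https_server, "webui_https": webui_https,
            "exposed": rel in AFFECTED_RELEASES and https_server and webui_https}

if __name__ == "__main__":
    for rel in ("3.11.1S", "03.03.00"):
        print(rel, assess(rel, SAMPLE_CONFIG))
```

A result of exposed=False from this check reflects only the conditions quoted in this thread; the bug report itself remains the authority for a given device.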