Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
1
Replies

Is IOS version 12.x affected by OpenSSL vulnerabilities?

Rik Irvine
Level 1
Level 1

‎02-19-2016 02:47 AM - edited ‎03-20-2019 08:51 PM

https://tools.cisco.com/bugsearch/bug/CSCus61884 mentions stream 15.x affected and fixed versions but there is no mention of any version 12.x releases, either affected or fixed.

The release includes the clause:

Affected Versions:
One of more of these vulnerabilities affect all versions of IOS prior to the versions listed in the Integrated In field of this defect

Is there any statement on version 12.x releases and the multiple OpenSSL vulnerabilities?

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎02-22-2016 03:24 AM

Hi Rik,

The following Cisco IOS features may invoke the affected code and may be vulnerable:

- SSLVPN feature (for any platform running IOS) ("webvpn gateway")

- SSLVPN feature (for CSR1000V running IOS-XE) ("crypto ssl profile")

- HTTPS client feature ("copy https://..<https://../>. ...", DynDNS client, ...)

- Voice-XML HTTPS client feature

- HTTPS server feature ("ip http secure-server")

- CNS feature

- Settlement for Packet Telephony feature

- LDAPv3 client feature

- CMTS billing feature

So all versions can be affected but this is only applicable if one of the following features is activated on the device as listed above.

So you would need to migrate to a fix in the 15.x base to overcome this vulnerability.

Regards,

Aditya

0 Helpful
Customers Also Viewed These Support Documents