CWMS v1.5 OpenSSL

BlueyVIII · ‎04-08-2014

Hello,

Following the recent alert for the HeartBleed vulnerability in OpenSSL I'm trying to determine if our WebEX meeting server v1.5 is vulnerable. I found the document below but it's not clear which particular version is in use - http://www.wbximg.com/includes/documents/Cisco_Webex_Meetings_Server_1.5_Open_Source_Documentation.pdf

Or, does this mean multiple version of OpenSSL are used??

Any help gratefully received!

denisov · ‎04-09-2014

I found that the CWMS 2.0.1.107.B-AE is exposed to vulnerability CVE-2014-0160 (OpenSSL HeartBleed)

BlueyVIII · ‎04-09-2014

Thanks for this - could you explain how you founds this info please? I'm hoping I can use the same method to find the info for CWMS1.5.

Atul Khanna · ‎04-09-2014

Hi BlueyVIII,

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html .
An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

HTH

Atul

Hari Haran S M · ‎04-10-2014

Hi BlueyVIII,

This vulnerability is seen only in CWMS 2.0 version and the previous versions are not affected by this vulnerability.