cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
650
Views
0
Helpful
4
Replies

CWMS v1.5 OpenSSL

BlueyVIII
Level 1
Level 1

Hello,

 

Following the recent alert for the HeartBleed vulnerability in OpenSSL I'm trying to determine if our WebEX meeting server v1.5 is vulnerable. I found the document below but it's not clear which particular version is in use - http://www.wbximg.com/includes/documents/Cisco_Webex_Meetings_Server_1.5_Open_Source_Documentation.pdf

 

Or, does this mean multiple version of OpenSSL are used??

 

Any help gratefully received!

4 Replies 4

denisov
Level 1
Level 1

I found that the CWMS 2.0.1.107.B-AE  is exposed to vulnerability CVE-2014-0160 (OpenSSL HeartBleed)

 

Thanks for this - could you explain how you founds this info please? I'm hoping I can use the same method to find the info for CWMS1.5.

Hi BlueyVIII,

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at  http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html .
An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

HTH

Atul

Hi BlueyVIII,

This vulnerability is seen only in CWMS 2.0 version and the previous versions are not affected by this vulnerability.