Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
2
Replies

C40 Flagged by Security

Go to solution
gregkoerner
Level 1
Level 1

‎12-12-2014 07:25 AM - edited ‎03-18-2019 03:47 AM

Greetings - The C40 I have running 5.1.13 continues to be flagged by my security team for:

CVE-2014-0221

CVE-2014-0195

CVE-2014-3470

 

I was under the impression that 5.1.13 would fix the open SSL problems. Is this not the case? Has anyone else had similar issues or implemented any workarounds?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni

‎12-12-2014 08:25 AM

All 3 security issues are addressed in this advisory: cisco-sa-20140605-openssl.  The bug in that advisory for C Series codecs CSCup25163 says it resolves CVE-2014-3470, but doesn't mention the other two.  They could be fixed in the versions noted in the bug, which are TC6.0.3 and TC7.1.4, though not documented since I only found a reference to 3470 in the release notes, or it could be that a fix might still be pending for the others.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni

‎12-12-2014 08:25 AM

All 3 security issues are addressed in this advisory: cisco-sa-20140605-openssl.  The bug in that advisory for C Series codecs CSCup25163 says it resolves CVE-2014-3470, but doesn't mention the other two.  They could be fixed in the versions noted in the bug, which are TC6.0.3 and TC7.1.4, though not documented since I only found a reference to 3470 in the release notes, or it could be that a fix might still be pending for the others.

0 Helpful

Go to solution
gregkoerner
Level 1
Level 1
In response to Patrick Sparkman

‎12-12-2014 12:55 PM

Thanks for the quick reply Patrick. 

0 Helpful
Customers Also Viewed These Support Documents