04-16-2014 03:41 AM - edited 03-18-2019 02:52 AM
https://tools.cisco.com/bugsearch/bug/CSCuo26378
So when I have EX90 with version TC6.3.0.3d8e7d1 everything is OK or should I upgrade it to TC6.3.1
Solved! Go to Solution.
04-17-2014 02:08 AM
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-16-2014 12:15 PM
You could check the EX series in this link:
https://tools.cisco.com/bugsearch/bug/CSCuo26378
Also see the official information:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
· Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488] [*]
· Cisco ASA CX Context-Aware Security [CSCuo24523]
· Cisco Desktop Collaboration Experience DX650 [CSCuo16892]
· Cisco Edge 340 Digital Media Player
· Cisco IOS XE [CSCuo19730]
· Cisco Mobility Service Engine (MSE) [CSCuo20622]
· Cisco MS200X Ethernet Access Switch [CSCuo18736]
· Cisco Nexus 1000V InterCloud [CSCuo18287]
· Cisco Security Manager [CSCuo19265]
· Cisco TelePresence 1310 [CSCuo20210]
· Cisco TelePresence Conductor [CSCuo20306]
· Cisco TelePresence EX Series [CSCuo26378]
· Cisco Telepresence Integrator C Series [CSCuo26378]
· Cisco TelePresence IP Gateway Series [CSCuo21597]
· Cisco TelePresence ISDN GW 3241 [CSCuo21486]
· Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]
· Cisco TelePresence ISDN Link [CSCuo26686]
· Cisco TelePresence MX Series [CSCuo26378]
· Cisco TelePresence Profile Series [CSCuo26378]
· Cisco TelePresence Serial Gateway Series [CSCuo21535]
· Cisco TelePresence Server 8710, 7010 [CSCuo21468]
· Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]
· Cisco TelePresence Server on Virtual Machine [CSCuo21468]
· Cisco TelePresence System 1000 [CSCuo20210]
· Cisco TelePresence System 1100 [CSCuo20210]
· Cisco TelePresence System 1300 [CSCuo20210]
· Cisco TelePresence System 3000 Series [CSCuo20210]
· Cisco TelePresence System 500-32 [CSCuo20210]
· Cisco TelePresence System 500-37 [CSCuo20210]
· Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]
· Cisco TelePresence SX Series [CSCuo26378]
· Cisco TelePresence TX 9000 Series [CSCuo20210] Version 6.1.2.0 and prior
· Cisco TelePresence Video Communication Server (VCS) [CSCuo16472] [*]
· Cisco Unified 7800 series IP Phones [CSCuo16987]
· Cisco Unified 8961 IP Phone [CSCuo16938]
· Cisco Unified 9951 IP Phone [CSCuo16938]
· Cisco Unified 9971 IP Phone [CSCuo16938]
· Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]
· Cisco Unified Presence Server (CUPS)[CSCuo21298], [CSCuo21289]
· Cisco Universal Small Cell 5000 Series running V3.4.2.x software [CSCuo22301]
· Cisco Universal Small Cell 7000 Series running V3.4.2.x software [CSCuo22301]
· Cisco WebEx Meetings Server versions 2.x [CSCuo17528] [*]
· FireAMP Private Cloud virtual appliance [*]
· Small Cell factory recovery root filesystem V2.99.4 or later [CSCuo22358]
04-17-2014 08:05 AM
the affected version for Cisco Telepresence Integrator C Series [CSCuo26378] is 5.0.0 and the fixes are on versions 5.1.11, 6.3.1 and 7.1.1 but our telepresence c40's versions are TC6.0.1.65adebe and TC6.2.0.20b1616. does that mean we're not affected?
04-17-2014 04:02 PM
The TC5.0.0 in the link is a bit misleading/confusing. It's all versions since TC5.0.0.
So, as yours are TC6.0.1 and TC6.2.0 they are both vulnerable. Please update to at least version TC6.3.1, or to TC7.1.1.
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-22-2014 02:10 AM
So if fixed release for version 5 is 5.1.11, but Cisco are not releasing this, why do they bother suggesting to upgrade to this version if it will not be available?
If we have endpoints on 5.X which do not have a current support contract and access to a new release key, we cannot upgrade to a non vulnerable version.
04-22-2014 07:53 PM
Cisco have never suggested upgrading to TC5.1.11 - it's just mentioned in one page as a "Known fixed release". All discussions and other release information say to go to TC6.3.1, or preferably to the latest TC7.1.1.
In the case of this vulnerability, if you contact the TAC and request an upgrade key to address this particular security vulnerability, they should happily provide you with one, even though you are not covered by an active service contract.
See the "Customers Without Service Contracts" section under "Obtaining Fixed Software" in the Advisory.
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-17-2014 02:08 AM
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-17-2014 06:56 AM
What about CTS 500-32 and CTS 500-37? I have version 1.8.2 and 1.9.3.
Are they vulnerable?
04-17-2014 04:18 PM
Yes. See [CSCuo20210] in Carroyoc's earlier post in this thread.
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-17-2014 12:58 PM
We have several Ex90's and profile 52 series. All running version TC5.1.5.297625 according to the bug this version is vulnerable. Where do we get version 5.1.11 I dont see it in the download section. or do we upgrade to 7.1.1
04-17-2014 04:05 PM
TC5.1.11 is listed as a fixed version, but it was never released - the released versions are TC6.3.1 and TC7.1.1. You'll need to upgrade to one of those.
Please remember to mark helpful responses and to set your question as answered if appropriate.
04-22-2014 02:09 AM
So if fixed release for version 5 is 5.1.11, but Cisco are not releasing this, why do they bother suggesting to upgrade to this version if it will not be available?
If we have endpoints on 5.X which do not have a current support contract and access to a new release key, we cannot upgrade to a non vulnerable version.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide