Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Available Languages

Updated:July 3, 2014
Document ID:1454783397521726

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Security Advisory

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Critical
Advisory ID:
cisco-sa-20140605-openssl
First Published:
2014 June 5 22:40 GMT
Last Updated: 
2015 March 27 19:50 GMT
Version 1.28:
Final
Workarounds:
See below
Cisco Bug IDs:
CSCup22590
CVE-2010-5298
CVE-2014-0076
CVE-2014-0195

More...

CVSS Score:
Base 10.0, Temporal 8.3Click Icon to Copy Verbose Score
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVE-2010-5298
CVE-2014-0076
CVE-2014-0195

More...

Summary

  • Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
    • SSL/TLS Man-in-the-Middle Vulnerability
    • DTLS Recursion Flaw Vulnerability
    • DTLS Invalid Fragment Vulnerability
    • SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
    • SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
    • Anonymous ECDH Denial of Service Vulnerability
    • ECDSA NONCE Side-Channel Recovery Attack Vulnerability

    Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.

    Cisco will release software updates that address these vulnerabilities.

    Workarounds that mitigate these vulnerabilities may be available.

    This advisory is available at the following link:
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Affected Products

  • Customers that wish to inquire about a product that is not currently listed in the sections below should contact the Cisco TAC or their support provider and open a TAC Case.

    Vulnerable Products

    Collaboration and Social Media
    Endpoint Clients and Client Software
    Network Application, Service, and Acceleration
    • Cisco ACE Application Control Engine Module (ACE10, ACE20) (CSCup28056)
    • Cisco ACE Application Control Engine Module (ACE30) (CSCup22544)
    • Cisco ACE Application Control Engine Appliance (ACE4710) (CSCup22544)
    • Cisco Wide Area Application Services (WAAS) (CSCup22648)

    Network and Content Security Devices
    • Cisco Adaptive Security Appliance (ASA) Software (CSCup22532)
    • Cisco ASA CX Context-Aware Security (CSCup24314)
    • Cisco Content Security Management Appliance (SMA) (CSCup22506)
    • Cisco Email Security Appliance (ESA) (CSCup21571)
    • Cisco NAC Appliance (Clean Access Server) (CSCup24014)
    • Cisco NAC Manager (Clean Access Manager) (CSCup24028)
    • Cisco NAC Guest Server (CSCup24002)
    • Cisco IPS (CSCup22652)
    • Cisco Identity Service Engine (ISE) (CSCup22534)
    • Cisco Physical Access Gateways (CSCup22414)
    • Cisco Secure Access Control Server (ACS) (CSCup22665)
    • Cisco Small Business ISA500 Series Integrated Security Appliances (CSCup24029)
    • Cisco Virtual Security Gateway for Microsoft Hyper-V (CSCup22419)
    • Cisco Virtual Security Gateway for VMware (CSCup22419)
    • Cisco Web Security Appliance (WSA) (CSCup22522)

    Network Management and Provisioning
    Routing and Switching - Enterprise and Service Provider
    Routing and Switching - Small Business
    • Cisco RV180W Wireless-N VPN Router (CSCuo18692)
    • Cisco RV220W Wireless-N VPN Router (CSCuo18692)
    • Cisco WAG310G Wireless-G ADSL2+ Gateway with VoIP (CSCup22426)

    Unified Computing
    Video, Streaming, TelePresence, and Transcoding Devices
    • Cisco D9036 Modular Encoding Platform (CSCup23995)
    • Cisco Digital Media Manager (DMM) (CSCup24174)
    • Cisco Edge 300 Digital Media Player (CSCup24260)
    • Cisco Edge 340 Digital Media Player (CSCup24248)
    • Cisco Digital Media Players (DMP) 4300 Series (CSCup92446)
    • Cisco Digital Media Players (DMP) 4400 Series (CSCup92446)
    • Cisco Expressway Series (CSCup25151)
    • Cisco Enterprise Content Delivery System (ECDS) (CSCup24139)
    • Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) (CSCup24156)
    • Cisco Internet Streamer (CDS) (CSCup30939)
    • Cisco IP Video Phone E20 (CSCup23984)
    • Cisco MediaSense (CSCup24113)
    • Cisco PowerVu D9190 Conditional Access Manager (PCAM) (CSCup24013)
    • Cisco TelePresence Advanced Media Gateway Series (CSCup29733)
    • Cisco TelePresence Conductor (CSCup22610)
    • Cisco TelePresence Content Server (TCS) (CSCup22349)
    • Cisco TelePresence EX Series (CSCup25163)
    • Cisco TelePresence Exchange System (CTX) (CSCup23979)
    • Cisco TelePresence Integrator C Series (CSCup25163)
    • Cisco TelePresence IP Gateway Series (CSCup22636)
    • Cisco TelePresence IP VCR Series (CSCup23998)
    • Cisco TelePresence ISDN GW 3241 (CSCup22632)
    • Cisco TelePresence ISDN GW MSE 8321 (CSCup22632)
    • Cisco TelePresence ISDN Link (CSCup23978)
    • Cisco TelePresence MCU all series (CSCup23994)
    • Cisco TelePresence Multipoint Switch (CTMS) (CSCup23980)
    • Cisco TelePresence MX Series (CSCup25163)
    • Cisco TelePresence MXP Series (CSCup23989)
    • Cisco TelePresence Profile Series (CSCup25163)
    • Cisco TelePresence Recording Server (CTRS) (CSCup22338)
    • Cisco TelePresence Serial Gateway Series (CSCup22633)
    • Cisco TelePresence Server 8710, 7010 (CSCup22629)
    • Cisco TelePresence Server on Multiparty Media 310, 320 (CSCup22629)
    • Cisco TelePresence Server on Virtual Machine (CSCup22629)
    • Cisco TelePresence Supervisor MSE 8050 (CSCup22635)
    • Cisco TelePresence SX Series (CSCup25163)
    • Cisco TelePresence System 1000 (CSCup22603)
    • Cisco TelePresence System 1100 (CSCup22603)
    • Cisco TelePresence System 1300 (CSCup22603)
    • Cisco TelePresence 1310 (CSCup22603)
    • Cisco TelePresence System 3000 Series (CSCup22603)
    • Cisco TelePresence System 500-32 (CSCup22603)
    • Cisco TelePresence System 500-37 (CSCup22603)
    • Cisco TelePresence TX 9000 Series (CSCup22603)
    • Cisco TelePresence T Series (T3) (CSCup25163)
    • Cisco TelePresence Video Communication Server (VCS) (CSCup25151)
    • Tandberg Codian ISDN GW 3210/3220/3240 (CSCup22632)
    • Tandberg Codian MSE 8320 model (CSCup22632)
    • Tandberg 770/880/990 MXP Series (CSCup23989)
    • Cisco Video Surveillance 3000 Series IP Cameras (CSCup22372)
    • Cisco Video Surveillance 4000 Series IP Cameras (CSCup22381)
    • Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras (CSCup22377)
    • Cisco Video Surveillance 6000 Series IP Cameras (CSCup22372)
    • Cisco Video Surveillance 7000 Series IP Cameras (CSCup22372)
    • Cisco Video Surveillance PTZ IP Cameras (CSCup22372)
    • Cisco Videoscape AnyRes Live (CAL) (CSCup24177)
    • Cisco Virtualization Experience Media Engine (CSCup47300)

    Voice and Unified Communications Devices
    • Cisco Agent Desktop for Cisco Unified Contact Center Enterprise and Hosted (CSCup24189)
    • Cisco Agent Desktop for Cisco Unified Contact Center Express (CSCup34257)
    • Cisco ATA 187 Analog Telephone Adapter (CSCup24458)
    • Cisco ATA 190 Series Analog Telephone Adapter (CSCup24100)
    • Cisco Desktop Collaboration Experience DX650 (CSCup22514)
    • Cisco Emergency Responder (CER) (CSCup24079)
    • Cisco Paging Server (CSCup24093)
    • Cisco SPA112 2-Port Phone Adapter (CSCup24514)
    • Cisco SPA122 ATA with Router (CSCup24514)
    • Cisco SPA232D Multi-Line DECT ATA (CSCup24514)
    • Cisco SPA300 Series IP Phones (CSCup39003)
    • Cisco SPA500 Series IP Phones (CSCup39003)
    • Cisco SPA510 Series IP Phones (CSCup39003)
    • Cisco SPA525 Series IP Phones (CSCup38998)
    • Cisco TAPI Service Provider (TSP) (CSCup35534)
    • Cisco Computer Telephony Integration Object Server (CTIOS) (CSCup24074)
    • Cisco Unified Attendant Console (all editions) (CSCup23967)
    • Cisco Unified Attendant Console Advanced (CSCup24304)
    • Cisco Unified Communications 500 Series (CSCup22590)
    • Cisco Unified Communications Manager (UCM) (CSCup22670)
    • Cisco Unified Communications Manager Session Management Edition (SME) (CSCup22670)
    • Cisco Unified Communications Widgets Click To Call (CSCup30489)
    • Cisco Unified Contact Center Enterprise (CSCup24074)
    • Cisco Unified Contact Center Express (CSCup24073)
    • Cisco Unified Domain Manager (CSCup24018)
    • Cisco Unified 6901/6911 IP Phones (CSCuq05675)
    • Cisco Unified 6945 IP Phone (CSCuq05680)
    • Cisco Unified 6921/6941/6961 Series IP Phones (CSCup22596)
    • Cisco Unified 7800 Series IP Phones (CSCup22531)
    • Cisco Unified 7900 Series IP Phones (CSCup22595)
    • Cisco Unified 8831 IP Phone (CSCup22638)
    • Cisco Unified 8941 IP Phone (CSCup22598)
    • Cisco Unified 8945 IP Phone (CSCup22598)
    • Cisco Unified 8961 IP Phone (CSCup22539)
    • Cisco Unified 9951 IP Phone (CSCup22539)
    • Cisco Unified 9971 IP Phone (CSCup22539)
    • Cisco Unified IM and Presence Services (CUPS) (CSCup22627)
    • Cisco Unified Intelligent Contact Management Enterprise (CSCup24074)
    • Cisco Unified IP Conference Phone 8831 (CSCup37353)
    • Cisco Unified Wireless IP Phone 2920 Series (CSCup37238)
    • Cisco Unified Workforce Optimization (CSCup22397)
    • Cisco Unity Connection (UC) (CSCup24038)

    Wireless
    • Cisco Mobility Service Engine (MSE) (CSCup22619)
    • Cisco Universal Small Cell 5000 Series running V3.4.2.x software (CSCup22656)
    • Cisco Universal Small Cell 7000 Series running V3.4.2.x software (CSCup22656)
    • Cisco Wireless LAN Controller (WLC) (CSCup22587)
    • Small Cell Factory Recovery root Filesystem V2.99.4 or later (CSCup22656)

    The following Cisco services were found to be affected by one or more of the vulnerabilities documented in this advisory.

    Products Confirmed Not Vulnerable

    Note: The following list includes Cisco applications that are intended to be installed on a customer-provided host (either a physical server or a virtual machine) with a customer-installed operating system. Those products may use the Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) functionality as provided by the host operating system on which the Cisco product is installed. While those Cisco products do not directly include an affected version of OpenSSL (and therefore are not impacted by this vulnerability), Cisco recommends that customers review their host operating system installation and perform any upgrades necessary to address this vulnerability, according to the operating system vendor recommendations and general operating system security best practices.

    The following Cisco products have been analyzed and are not affected by this vulnerability:


    Collaboration and Social Media
    • Cisco Webex Social

    Endpoint Clients and Client Software
    • Cisco IP Communicator
    • Cisco NAC Agent for Mac
    • Cisco NAC Agent for Web
    • Cisco NAC Agent for Windows
    • Cisco UC Integration for Microsoft Lync
    • Cisco Unified Personal Communicator
    • Cisco Unified Video Advantage
    • Webex Productivity Tools

    Network Application, Service, and Acceleration
    • Cisco ACE GSS 4400 Series Global Site Selector
    • Cisco Application and Content Networking System (ACNS)
    • Cisco Extensible Network Controller (XNC)
    • Cisco Wide Area Application Services (WAAS) Mobile

    Network and Content Security Devices
    • Cisco Adaptive Security Device Manager
    • Cisco Content Security Appliance Updater Servers
    • Cisco IronPort Encryption Appliance (IEA)
    • Cisco Physical Access Manager

    Network Management and Provisioning
    • Cisco Digital Media Manager (DMM)
    • Cisco Discovery Service
    • Cisco Insight Reporter
    • Cisco Linear Stream Manager
    • Cisco Prime Analytics
    • Cisco Prime Cable Provisioning
    • Cisco Prime Collaboration Assurance Manager
    • Cisco Prime Home
    • Cisco Prime Provisioning for SPs
    • Cisco Show and Share (SnS)
    • Cisco Unified Intelligence Center
    • Cisco Unified Provisioning Manager (CUPM)
    • Cisco Wireless Control System (WCS)
    • CiscoWorks Network Compliance Manager
    • Prime Collaboration Provisioning - 10.0

    Routing and Switching - Enterprise and Service Provider
    • Cisco Broadband Access Center Telco Wireless
    • Cisco Nexus 4000 Series

    Voice and Unified Communications Devices
    • Cisco Billing and Measurements Server
    • Cisco Finesse
    • Cisco MGC Node Manage (CMNM)
    • Cisco PSTN Gateway (PGW 2200)
    • Cisco Remote Silent Monitoring
    • Cisco SPA8000 8-port IP Telephony Gateway
    • Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
    • Cisco Unified 3900 series IP Phones
    • Cisco Unified Contact Center Domain Manager
    • Cisco Unified Contact Center Management Portal
    • Cisco Unified Customer Voice Portal (CVP)
    • Cisco Unified E-Mail Interaction Manager
    • Cisco Unified Operations Manager (CUOM)
    • Cisco Unified Service Monitor
    • Cisco Unified Sip Proxy
    • Cisco Unified Web Interaction Manager
    • Cisco Virtual PGW 2200 Softswitch
    • Exony VIM/CCDM/CCMP

    Video, Streaming, TelePresence, and Transcoding Devices
    • Cisco AnyRes VOD (CAV)
    • Cisco D9034-S Encoder
    • Cisco D9054 HDTV Encoder
    • Cisco D9804 Multiple Transport Receiver
    • Cisco D9824 Advanced Multi Decryption Receiver
    • Cisco D9854/D9854-I Advanced Program Receiver
    • Cisco D9858 Advanced Receiver Transcoder
    • Cisco D9859 Advanced Receiver Transcoder
    • Cisco D9865 Satellite Receiver
    • Cisco DCM Series 9900-Digital Content Manager
    • Cisco TelePresence Management Suite (TMS)
    • Cisco TelePresence Management Suite Analytics Extension (TMSAE)
    • Cisco TelePresence Management Suite Extension (TMSXE)
    • Cisco TelePresence Management Suite Extension for IBM
    • Cisco TelePresence Management Suite Provisioning Extension
    • Cisco TelePresence Manager (CTSMan)
    • Cisco Unified Service Statistics Manager

    Cisco Hosted Services
    • Cisco One Portal
    • Cisco Services Provisioning Platform (SPP)
    • Cisco SmartConnection
    • Cisco SmartReports
    • Cisco Unified Services Delivery Platform (CUSDP)
    • Cisco Universal Small Cell CloudBase
    • Cisco WebEx WebOffice & Workspace
    • Cisco Webex Messenger Service

Details

  • The OpenSSL Project disclosed seven vulnerabilities on June 5, 2014. One or more of these vulnerabilities affect both client and server installations of OpenSSL. The vulnerability names and the associated Common Vulnerabilities and Exposures (CVE) IDs are as follows.

    The impact of these vulnerabilities on Cisco products may vary depending on the affected product.

    For Cisco products, please refer to the information provided in the Cisco bug IDs listed in the Affected Products section of this document. Additional information and detailed instructions are available in the Cisco installation, configuration, and maintenance guides for each product. If additional clarification or advice is needed, please contact your support organization.

    SSL/TLS Man-in-the-Middle Vulnerability

    An unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server could successfully execute a man-in-the-middle attack.

    This vulnerability has been assigned CVE ID CVE-2014-0224.

    DTLS Recursion Flaw Vulnerability

    An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device.

    This vulnerability has been assigned CVE ID CVE-2014-0221.

    DTLS Invalid Fragment Vulnerability

    An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges.

    This vulnerability has been assigned CVE ID CVE-2014-0195.

    SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability

    An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device.

    This vulnerability has been assigned CVE ID CVE-2014-0198.

    SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability

    An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition.

    This vulnerability has been assigned CVE ID CVE-2010-5298.

    Anonymous ECDH Denial of Service Vulnerability

    An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition.

    This vulnerability has been assigned CVE ID CVE-2014-3470.

    ECDSA NONCE Side-Channel Recovery Attack Vulnerability

    An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications.

    This vulnerability has been assigned CVE ID CVE-2014-0076.

    For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt

Workarounds

Fixed Software

  • When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.

    These vulnerabilities were publicly disclosed by the OpenSSL Project on June 5, 2014.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Action Links for This Advisory

Related to This Advisory

URL

Revision History

  • Revision 1.28 2015-March-27 The Products Under Investigation, Vulnerable, and Confirmed Not Vulnerable sections have been updated. Advisory Status moved to Final, no additional updates expected.
    Revision 1.27 2015-March-13 The Products Under Investigation, Vulnerable, and Confirmed Not Vulnerable sections have been updated.
    Revision 1.26 2015-February-25 Updated the Affected Produccts and Confirmed Vulnerable Sections.
    Revision 1.25 2015-January-26 Updated the Affected Products and Products Confirmed Not Vulnerable sections.
    Revision 1.24 2014-November-26 Updated the Affected Products and Products Confirmed Not Vulnerable sections.
    Revision 1.23 2014-November-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.22 2014-October-30 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.21 2014-August-06 Updated the Affected Products and Vulnerable Products sections. Linked bug IDs of currently known affected products.
    Revision 1.20 2014-July-30 Added secondary bug ID CSCup22663 for Nexus 2000, 5000, 5600, and 6000. Updated the Vulnerable Products section. Linked bug IDs of currently known affected products.
    Revision 1.19 2014-July-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.18 2014-July-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.17 2014-July-14 Updated the Affected Products, Vulnerable Products. Linked bug IDs of currently known affected products.
    Revision 1.16 2014-July-09 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.15 2014-July-07 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.14 2014-July-03 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.13 2014-June-27 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.12 2014-June-25 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.11 2014-June-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.10 2014-June-20 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.9 2014-June-19 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.8 2014-June-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.7 2014-June-16 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.6 2014-June-13 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.5 2014-June-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.4 2014-June-11 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.3 2014-June-10 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Provided clarification in Products Confirmed Not Vulnerable section regarding customer-maintained operating systems.
    Revision 1.2 2014-June-09 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.
    Revision 1.1 2014-June-06 Updated the Affected Products and Products Confirmed Not Vulnerable sections.
    Revision 1.0 2014-June-05 Initial public release.
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Action Links for This Advisory

Related to This Advisory