Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CWMS v1.5 OpenSSL

Hello,

 

Following the recent alert for the HeartBleed vulnerability in OpenSSL I'm trying to determine if our WebEX meeting server v1.5 is vulnerable. I found the document below but it's not clear which particular version is in use - http://www.wbximg.com/includes/documents/Cisco_Webex_Meetings_Server_1.5_Open_Source_Documentation.pdf

 

Or, does this mean multiple version of OpenSSL are used??

 

Any help gratefully received!

4 REPLIES
New Member

I found that the CWMS 2.0.1

I found that the CWMS 2.0.1.107.B-AE  is exposed to vulnerability CVE-2014-0160 (OpenSSL HeartBleed)

 

New Member

Thanks for this - could you

Thanks for this - could you explain how you founds this info please? I'm hoping I can use the same method to find the info for CWMS1.5.

Cisco Employee

Hi BlueyVIII,The Cisco PSIRT

Hi BlueyVIII,

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at  http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html .
An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

HTH

Atul

Cisco Employee

Hi BlueyVIII,This

Hi BlueyVIII,

This vulnerability is seen only in CWMS 2.0 version and the previous versions are not affected by this vulnerability.

35
Views
0
Helpful
4
Replies
CreatePlease to create content