We have CSM 4.4.0 SP2 patch 1 installed with no default configuration.
According to cisco, CSM is under Vulnerable Products list with cisco bug ID CSCuo19265.
Do I need to take any action for my CSM ?
Thanks & Regards
Solved! Go to Solution.
I am running 4.5.0, it is vulnerable because I have scanned it and tested it. I see version 4.6.0 has just popped up on cisco.com. Anyone confirm if that fixes the bug?
Im not sure if that's true. the release notes don't state anything about fixing that big. and also looking at the opensource licenses PDF for 4.6.0 it states OpenSSL version: 1.0.1e (which is the same version as 4.5.0 and all versions 1a through 1f are vulnerable).
I would find it very odd they didn't fix it considering it was released just yesterday.