Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco TelePresence products vulnerable to CVE-2014-0160 -aka Heartbleed

https://tools.cisco.com/bugsearch/bug/CSCuo26378

 

So when I have EX90 with version TC6.3.0.3d8e7d1 everything is OK or should I upgrade it to TC6.3.1

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

TC6.3.0 is vulnerable. You

TC6.3.0 is vulnerable. You'll need to upgrade to TC6.3.1 or TC7.1.1.
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
11 REPLIES

You could check the EX series

You could check the EX series in this link:

https://tools.cisco.com/bugsearch/bug/CSCuo26378

Also see the official information:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed 

·         Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488] [*]

·         Cisco ASA CX Context-Aware Security [CSCuo24523]

·         Cisco Desktop Collaboration Experience DX650 [CSCuo16892]

·         Cisco Edge 340 Digital Media Player

·         Cisco IOS XE [CSCuo19730]

·         Cisco Mobility Service Engine (MSE) [CSCuo20622]

·         Cisco MS200X Ethernet Access Switch [CSCuo18736]

·         Cisco Nexus 1000V InterCloud [CSCuo18287]

·         Cisco Security Manager [CSCuo19265]

·         Cisco TelePresence 1310 [CSCuo20210]

·         Cisco TelePresence Conductor [CSCuo20306]

·         Cisco TelePresence EX Series [CSCuo26378]

·         Cisco Telepresence Integrator C Series [CSCuo26378]

·         Cisco TelePresence IP Gateway Series [CSCuo21597]

·         Cisco TelePresence ISDN GW 3241 [CSCuo21486]

·         Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]

·         Cisco TelePresence ISDN Link [CSCuo26686]

·         Cisco TelePresence MX Series [CSCuo26378]

·         Cisco TelePresence Profile Series [CSCuo26378]

·         Cisco TelePresence Serial Gateway Series [CSCuo21535]

·         Cisco TelePresence Server 8710, 7010 [CSCuo21468]

·         Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]

·         Cisco TelePresence Server on Virtual Machine [CSCuo21468]

·         Cisco TelePresence System 1000 [CSCuo20210]

·         Cisco TelePresence System 1100 [CSCuo20210]

·         Cisco TelePresence System 1300 [CSCuo20210]

·         Cisco TelePresence System 3000 Series [CSCuo20210]

·         Cisco TelePresence System 500-32 [CSCuo20210]

·         Cisco TelePresence System 500-37 [CSCuo20210]

·         Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]

·         Cisco TelePresence SX Series [CSCuo26378]

·         Cisco TelePresence TX 9000 Series [CSCuo20210] Version 6.1.2.0 and prior

·         Cisco TelePresence Video Communication Server (VCS) [CSCuo16472] [*]

·         Cisco Unified 7800 series IP Phones [CSCuo16987]

·         Cisco Unified 8961 IP Phone [CSCuo16938]

·         Cisco Unified 9951 IP Phone [CSCuo16938]

·         Cisco Unified 9971 IP Phone [CSCuo16938]

·         Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]

·         Cisco Unified Presence Server (CUPS)[CSCuo21298], [CSCuo21289]

·         Cisco Universal Small Cell 5000 Series running V3.4.2.x software [CSCuo22301]

·         Cisco Universal Small Cell 7000 Series running V3.4.2.x software [CSCuo22301]

·         Cisco WebEx Meetings Server versions 2.x [CSCuo17528] [*]

·         FireAMP Private Cloud virtual appliance [*]

·         Small Cell factory recovery root filesystem V2.99.4 or later [CSCuo22358]

New Member

the affected version for

the affected version for Cisco Telepresence Integrator C Series [CSCuo26378is 5.0.0 and the fixes are on versions 5.1.11, 6.3.1 and 7.1.1 but our telepresence c40's versions are TC6.0.1.65adebe and TC6.2.0.20b1616. does that mean we're not affected?

 
    VIP Green

    The TC5.0.0 in the link is a

    The TC5.0.0 in the link is a bit misleading/confusing. It's all versions since TC5.0.0.

    So, as yours are TC6.0.1 and TC6.2.0 they are both vulnerable. Please update to at least version TC6.3.1, or to TC7.1.1.

    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.
    New Member

    So if fixed release for

    So if fixed release for version 5 is 5.1.11, but Cisco are not releasing this, why do they bother suggesting to upgrade to this version if it will not be available?

     

    If we have endpoints on 5.X which do not have a current support contract and access to a new release key, we cannot upgrade to a non vulnerable version.

    VIP Green

    In the case of this

    Cisco have never suggested upgrading to TC5.1.11 - it's just mentioned in one page as a "Known fixed release".  All discussions and other release information say to go to TC6.3.1, or preferably to the latest TC7.1.1.

    In the case of this vulnerability, if you contact the TAC and request an upgrade key to address this particular security vulnerability, they should happily provide you with one, even though you are not covered by an active service contract.

    See the "Customers Without Service Contracts" section under "Obtaining Fixed Software" in the Advisory.

    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.

    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.
    VIP Green

    TC6.3.0 is vulnerable. You

    TC6.3.0 is vulnerable. You'll need to upgrade to TC6.3.1 or TC7.1.1.
    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.
    New Member

    What about CTS 500-32 and CTS

    What about CTS 500-32 and CTS 500-37? I have version 1.8.2 and 1.9.3.

    Are they vulnerable?

    VIP Green

    Yes.  See [CSCuo20210] in

    Yes.  See [CSCuo20210] in Carroyoc's earlier post in this thread.

    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.
    New Member

    We have several Ex90's and

    We have several Ex90's and profile 52 series.  All running version TC5.1.5.297625   according to the bug this version is vulnerable.  Where do we get version 5.1.11  I dont see it in the download section. or do we upgrade to 7.1.1

    http://software.cisco.com/download/release.html?mdfid=283645001&flowid=21867&softwareid=280886992&release=7.1.1&relind=AVAILABLE&rellifecycle=&reltype=latest

    VIP Green

    TC5.1.11 is listed as a fixed

    TC5.1.11 is listed as a fixed version, but it was never released - the released versions are TC6.3.1 and TC7.1.1.  You'll need to upgrade to one of those.

    Wayne
    --
    Please remember to rate responses and to mark your question as answered if appropriate.
    New Member

    So if fixed release for

    So if fixed release for version 5 is 5.1.11, but Cisco are not releasing this, why do they bother suggesting to upgrade to this version if it will not be available?

     

    If we have endpoints on 5.X which do not have a current support contract and access to a new release key, we cannot upgrade to a non vulnerable version.

    2185
    Views
    0
    Helpful
    11
    Replies
    CreatePlease login to create content