Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAAS openSSL vulnerabilities

Hi,

I have a client who is using WAAS devices running WAAS software version 4.4.3.4.

They have identified some vulnerabilities in the current version of openSSL (1.0.0a I think) that is included in that software release.

Do the newer releases have updated openSSL - preferably of a minimum version of 1.0.0g?

I cannot find any information in the release notes for newer release of WAAS software or anywhere else that indicates the version of included openSSL.

Any help would be much appreciated.

Regards

Matthew.

Everyone's tags (4)
2 REPLIES
New Member

WAAS openSSL vulnerabilities

A further issue that has been raised is that the version of Apache currently running (1.3) is no longer supported. Do newer versions the WAAS software have updated versions of Apache?

Cisco Employee

WAAS openSSL vulnerabilities

Hi Matthew,

For this kind of questions, please, open a TAC case describing the exact vulnerabilities that were detected. We'll then investigate them individually to see if they affect WAAS software or not.

Anyway, please, take into account that all the components inside the WAAS software have been highly customized over time, so the version numbers are not really relevant as most of the code may have changed when compared to the base version.

Regards

Daniel

792
Views
0
Helpful
2
Replies
CreatePlease login to create content