OpenSSL June 2015 CSCuu83352 vulnerability

Walter Dey · ‎11-05-2015

Are you aware of

https://tools.cisco.com/bugsearch/bug/CSCuu83352

Symptom:

This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176

This bug has been opened to address the potential impact on this product.

Conditions:

Exposure is not configuration dependent.

Affects All UCS B-series firmware

Fixed version and estimated time for release on CCO.
2.2.7 --> Target Date: February 2016

Qiese Dides · ‎11-23-2015

Hi Walter,

Thanks for pointing out those vulnerabilitys, was there anything specific you were looking for towards these?

Regards,

Qiese Dides

Marcelo Morais · ‎11-23-2015

Hi Walter Dey,

thanks for sharing this.

Walter Dey and Qiese Dides,

as soon as the fixed release will only be available on Feb.2016, is there anything that we could do in the meantime?

Regards

Qiese Dides · ‎11-23-2015

Hi Marcelo,

As of now there is nothing that can be done (no work around) for this until Feburary 2016. The worse thing that could happen is that the KVM could be effected by the CVEs listed above. What that would cause is the KVM client to crash if one of these vulnerabilities was exploited. However, as of now we haven't seen anything like that happen.

I hope that helps.

- Qiese Dides

Marcelo Morais · ‎11-24-2015

Hi Qiese Dides,

thanks for the info (+5 !!!)

Regards.