11-05-2015 06:56 AM - edited 03-01-2019 12:26 PM
Are you aware of
https://tools.cisco.com/bugsearch/bug/CSCuu83352
Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
This bug has been opened to address the potential impact on this product.
Conditions:
Exposure is not configuration dependent.
Affects All UCS B-series firmware
Fixed version and estimated time for release on CCO.
2.2.7 --> Target Date: February 2016
11-23-2015 03:40 PM
Hi Walter,
Thanks for pointing out those vulnerabilitys, was there anything specific you were looking for towards these?
Regards,
Qiese Dides
11-23-2015 04:54 PM
Hi Walter Dey,
thanks for sharing this.
Walter Dey and Qiese Dides,
as soon as the fixed release will only be available on Feb.2016, is there anything that we could do in the meantime?
Regards
11-23-2015 05:42 PM
Hi Marcelo,
As of now there is nothing that can be done (no work around) for this until Feburary 2016. The worse thing that could happen is that the KVM could be effected by the CVEs listed above. What that would cause is the KVM client to crash if one of these vulnerabilities was exploited. However, as of now we haven't seen anything like that happen.
I hope that helps.
- Qiese Dides
11-24-2015 12:22 AM
Hi Qiese Dides,
thanks for the info (+5 !!!)
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide