Cisco Security Advisory
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
- SSL/TLS Man-in-the-Middle Vulnerability
- DTLS Recursion Flaw Vulnerability
- DTLS Invalid Fragment Vulnerability
- SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
- SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
- Anonymous ECDH Denial of Service Vulnerability
- ECDSA NONCE Side-Channel Recovery Attack Vulnerability
Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.
Cisco will release software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities may be available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
-
Customers that wish to inquire about a product that is not currently listed in the sections below should contact the Cisco TAC or their support provider and open a TAC Case.
Vulnerable Products
Collaboration and Social Media- Cisco SocialMiner (CSCup24081)
- Cisco WebEx Meetings Server versions 1.x (CSCup22555)
- Cisco WebEx Meetings Server versions 2.x (CSCup22555)
- Cisco WebEx Node for MCS (CSCup34787)
Endpoint Clients and Client Software- Cisco Agent for OpenFlow (CSCup24058)
- Cisco AnyConnect Secure Mobility Client for Android (CSCup22547)
- Cisco AnyConnect Secure Mobility Client for desktop platforms (CSCup22547)
- Cisco AnyConnect Secure Mobility Client for iOS (CSCup22547)
- Cisco Jabber for Android (CSCup23952)
- Cisco Jabber for iOS (CSCup23957)
- Cisco Jabber for Mac (CSCup23910)
- Cisco Jabber Guest (CSCup65216)
- Cisco Jabber Software Development Kit (CSCup23934)
- Cisco Jabber Video for TelePresence (Movi) (CSCup24126)
- Cisco Jabber Video for iPad (CSCup23942)
- Cisco Jabber Voice for Android (CSCup23938)
- Cisco Jabber Voice for iPhone (CSCup23948)
- Cisco Jabber for Windows (CSCup23913)
- Cisco WebEx Connect Client for Windows (CSCup23973)
- Cisco WebEx Meetings Server (client) (CSCup22614)
- Cisco WebEx Meetings for BlackBerry (CSCup22617)
- Cisco WebEx Productivity Tools (CSCup22568)
Network Application, Service, and Acceleration- Cisco ACE Application Control Engine Module (ACE10, ACE20) (CSCup28056)
- Cisco ACE Application Control Engine Module (ACE30) (CSCup22544)
- Cisco ACE Application Control Engine Appliance (ACE4710) (CSCup22544)
- Cisco Wide Area Application Services (WAAS) (CSCup22648)
Network and Content Security Devices- Cisco Adaptive Security Appliance (ASA) Software (CSCup22532)
- Cisco ASA CX Context-Aware Security (CSCup24314)
- Cisco Content Security Management Appliance (SMA) (CSCup22506)
- Cisco Email Security Appliance (ESA) (CSCup21571)
- Cisco NAC Appliance (Clean Access Server) (CSCup24014)
- Cisco NAC Manager (Clean Access Manager) (CSCup24028)
- Cisco NAC Guest Server (CSCup24002)
- Cisco IPS (CSCup22652)
- Cisco Identity Service Engine (ISE) (CSCup22534)
- Cisco Physical Access Gateways (CSCup22414)
- Cisco Secure Access Control Server (ACS) (CSCup22665)
- Cisco Small Business ISA500 Series Integrated Security Appliances (CSCup24029)
- Cisco Virtual Security Gateway for Microsoft Hyper-V (CSCup22419)
- Cisco Virtual Security Gateway for VMware (CSCup22419)
- Cisco Web Security Appliance (WSA) (CSCup22522)
Network Management and Provisioning- Cisco Application Policy Infrastructure Controller (APIC) (CSCup22625)
- Cisco Application Networking Manager (ANM) (CSCup24492)
- Cisco Common Services Platform Collector (CSCup24136)
- Cisco MATE Products (CSCup22446)
- Cisco Prime Access Registrar (CSCup23967)
- Cisco Prime Collaboration Deployment (CSCup23962)
- Cisco Prime Collaboration Provisioning 10.5 (CSCup23964)
- Cisco Prime Data Center Network Manager (DCNM) (CSCup22646)
- Cisco Prime Infrastructure (CSCup22623)
- Cisco Prime IP Express (CSCup39248)
- Cisco Prime LAN Management Solution (LMS) (CSCup22054)
- Cisco Prime LAN Management Solution (LMS) - Solaris (CSCus55522)
- Cisco Prime License Manager (CSCup23915)
- Cisco Prime Network (CSCup22047)
- Cisco Prime Network Analysis Module (NAM) (CSCup24103)
- Cisco Prime Network Services Controller (PNSC) (CSCup22613)
- Cisco Prime Network Registrar (CPNR) (CSCup22498)
- Cisco Prime Optical for SPs (CSCup22035)
- Cisco Prime Performance Manager for SPs (CSCup22038)
- Cisco Quantum Policy Suite (QPS) (CSCup24089)
- Cisco Security Manager (CSCup22582)
- Security Module for Cisco Network Registar (CSCup44973)
Routing and Switching - Enterprise and Service Provider- Cisco 1000 Series Connected Grid Routers (CSCup24084)
- Cisco CSS 11500 Series Content Services Switches (CSCup28017)
- Cisco IOS Software (CSCup22590)
- Cisco IOS XE Software (CSCup22487)
- Cisco IOS XR Software (CSCup22654)
- Cisco MDS Switches (CSCup22563)
- Cisco Metro Ethernet 1200 Series Access Devices (CSCup70117)
- Cisco MXE 3500 Series (CSCup22361)
- Cisco MXE 5600 Series (CSCup2236)
- Cisco Nexus 1000V Intercloud (CSCup22571)
- Cisco Nexus 1000V Switch for Microsoft Hyper-V (CSCup23937)
- Cisco Nexus 1000V Switch for VMware vSphere (CSCup22641)
- Cisco Nexus 1010 Virtual Services Appliance (CSCup22643)
- Cisco Nexus 1100 Virtual Services Appliances (CSCup22643)
- Cisco Nexus 2000 Series Fabric Extenders (CSCup22365)(CSCup22663)
- Cisco Nexus 3000 Series Switches (CSCup44235)
- Cisco Nexus 3164 Switch (CSCup24057)
- Cisco Nexus 5000 Series Switches (CSCup22365)(CSCup22663)
- Cisco Nexus 5600 Series Switches (CSCup22365)(CSCup22663)
- Cisco Nexus 6000 Series Switches (CSCup22365)(CSCup22663)
- Cisco Nexus 7000 Series Switches (CSCup22563)
- Cisco Nexus 9000 Series Switches (CSCup24057)
- Cisco OnePK All-in-One VM (CSCup22592)
- Cisco ONS 15400 Series (CSCup24077)
Routing and Switching - Small Business- Cisco RV180W Wireless-N VPN Router (CSCuo18692)
- Cisco RV220W Wireless-N VPN Router (CSCuo18692)
- Cisco WAG310G Wireless-G ADSL2+ Gateway with VoIP (CSCup22426)
Unified Computing- Cisco UCS B-Series (Blade) Servers (CSCup22565)
- Cisco UCS C-Series (Standalone Rack) Servers (CSCup22566)
- Cisco UCS Central (CSCup22584)
- Cisco UCS Fabric Interconnects (CSCup53743)
- Cisco UCS Invicta Series Solid State Systems (CSCup22388)
Video, Streaming, TelePresence, and Transcoding Devices- Cisco D9036 Modular Encoding Platform (CSCup23995)
- Cisco Digital Media Manager (DMM) (CSCup24174)
- Cisco Edge 300 Digital Media Player (CSCup24260)
- Cisco Edge 340 Digital Media Player (CSCup24248)
- Cisco Digital Media Players (DMP) 4300 Series (CSCup92446)
- Cisco Digital Media Players (DMP) 4400 Series (CSCup92446)
- Cisco Expressway Series (CSCup25151)
- Cisco Enterprise Content Delivery System (ECDS) (CSCup24139)
- Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) (CSCup24156)
- Cisco Internet Streamer (CDS) (CSCup30939)
- Cisco IP Video Phone E20 (CSCup23984)
- Cisco MediaSense (CSCup24113)
- Cisco PowerVu D9190 Conditional Access Manager (PCAM) (CSCup24013)
- Cisco TelePresence Advanced Media Gateway Series (CSCup29733)
- Cisco TelePresence Conductor (CSCup22610)
- Cisco TelePresence Content Server (TCS) (CSCup22349)
- Cisco TelePresence EX Series (CSCup25163)
- Cisco TelePresence Exchange System (CTX) (CSCup23979)
- Cisco TelePresence Integrator C Series (CSCup25163)
- Cisco TelePresence IP Gateway Series (CSCup22636)
- Cisco TelePresence IP VCR Series (CSCup23998)
- Cisco TelePresence ISDN GW 3241 (CSCup22632)
- Cisco TelePresence ISDN GW MSE 8321 (CSCup22632)
- Cisco TelePresence ISDN Link (CSCup23978)
- Cisco TelePresence MCU all series (CSCup23994)
- Cisco TelePresence Multipoint Switch (CTMS) (CSCup23980)
- Cisco TelePresence MX Series (CSCup25163)
- Cisco TelePresence MXP Series (CSCup23989)
- Cisco TelePresence Profile Series (CSCup25163)
- Cisco TelePresence Recording Server (CTRS) (CSCup22338)
- Cisco TelePresence Serial Gateway Series (CSCup22633)
- Cisco TelePresence Server 8710, 7010 (CSCup22629)
- Cisco TelePresence Server on Multiparty Media 310, 320 (CSCup22629)
- Cisco TelePresence Server on Virtual Machine (CSCup22629)
- Cisco TelePresence Supervisor MSE 8050 (CSCup22635)
- Cisco TelePresence SX Series (CSCup25163)
- Cisco TelePresence System 1000 (CSCup22603)
- Cisco TelePresence System 1100 (CSCup22603)
- Cisco TelePresence System 1300 (CSCup22603)
- Cisco TelePresence 1310 (CSCup22603)
- Cisco TelePresence System 3000 Series (CSCup22603)
- Cisco TelePresence System 500-32 (CSCup22603)
- Cisco TelePresence System 500-37 (CSCup22603)
- Cisco TelePresence TX 9000 Series (CSCup22603)
- Cisco TelePresence T Series (T3) (CSCup25163)
- Cisco TelePresence Video Communication Server (VCS) (CSCup25151)
- Tandberg Codian ISDN GW 3210/3220/3240 (CSCup22632)
- Tandberg Codian MSE 8320 model (CSCup22632)
- Tandberg 770/880/990 MXP Series (CSCup23989)
- Cisco Video Surveillance 3000 Series IP Cameras (CSCup22372)
- Cisco Video Surveillance 4000 Series IP Cameras (CSCup22381)
- Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras (CSCup22377)
- Cisco Video Surveillance 6000 Series IP Cameras (CSCup22372)
- Cisco Video Surveillance 7000 Series IP Cameras (CSCup22372)
- Cisco Video Surveillance PTZ IP Cameras (CSCup22372)
- Cisco Videoscape AnyRes Live (CAL) (CSCup24177)
- Cisco Virtualization Experience Media Engine (CSCup47300)
Voice and Unified Communications Devices- Cisco Agent Desktop for Cisco Unified Contact Center Enterprise and Hosted (CSCup24189)
- Cisco Agent Desktop for Cisco Unified Contact Center Express (CSCup34257)
- Cisco ATA 187 Analog Telephone Adapter (CSCup24458)
- Cisco ATA 190 Series Analog Telephone Adapter (CSCup24100)
- Cisco Desktop Collaboration Experience DX650 (CSCup22514)
- Cisco Emergency Responder (CER) (CSCup24079)
- Cisco Paging Server (CSCup24093)
- Cisco SPA112 2-Port Phone Adapter (CSCup24514)
- Cisco SPA122 ATA with Router (CSCup24514)
- Cisco SPA232D Multi-Line DECT ATA (CSCup24514)
- Cisco SPA300 Series IP Phones (CSCup39003)
- Cisco SPA500 Series IP Phones (CSCup39003)
- Cisco SPA510 Series IP Phones (CSCup39003)
- Cisco SPA525 Series IP Phones (CSCup38998)
- Cisco TAPI Service Provider (TSP) (CSCup35534)
- Cisco Computer Telephony Integration Object Server (CTIOS) (CSCup24074)
- Cisco Unified Attendant Console (all editions) (CSCup23967)
- Cisco Unified Attendant Console Advanced (CSCup24304)
- Cisco Unified Communications 500 Series (CSCup22590)
- Cisco Unified Communications Manager (UCM) (CSCup22670)
- Cisco Unified Communications Manager Session Management Edition (SME) (CSCup22670)
- Cisco Unified Communications Widgets Click To Call (CSCup30489)
- Cisco Unified Contact Center Enterprise (CSCup24074)
- Cisco Unified Contact Center Express (CSCup24073)
- Cisco Unified Domain Manager (CSCup24018)
- Cisco Unified 6901/6911 IP Phones (CSCuq05675)
- Cisco Unified 6945 IP Phone (CSCuq05680)
- Cisco Unified 6921/6941/6961 Series IP Phones (CSCup22596)
- Cisco Unified 7800 Series IP Phones (CSCup22531)
- Cisco Unified 7900 Series IP Phones (CSCup22595)
- Cisco Unified 8831 IP Phone (CSCup22638)
- Cisco Unified 8941 IP Phone (CSCup22598)
- Cisco Unified 8945 IP Phone (CSCup22598)
- Cisco Unified 8961 IP Phone (CSCup22539)
- Cisco Unified 9951 IP Phone (CSCup22539)
- Cisco Unified 9971 IP Phone (CSCup22539)
- Cisco Unified IM and Presence Services (CUPS) (CSCup22627)
- Cisco Unified Intelligent Contact Management Enterprise (CSCup24074)
- Cisco Unified IP Conference Phone 8831 (CSCup37353)
- Cisco Unified Wireless IP Phone 2920 Series (CSCup37238)
- Cisco Unified Workforce Optimization (CSCup22397)
- Cisco Unity Connection (UC) (CSCup24038)
Wireless- Cisco Mobility Service Engine (MSE) (CSCup22619)
- Cisco Universal Small Cell 5000 Series running V3.4.2.x software (CSCup22656)
- Cisco Universal Small Cell 7000 Series running V3.4.2.x software (CSCup22656)
- Cisco Wireless LAN Controller (WLC) (CSCup22587)
- Small Cell Factory Recovery root Filesystem V2.99.4 or later (CSCup22656)
The following Cisco services were found to be affected by one or more of the vulnerabilities documented in this advisory.
- Cisco USC Invicta Series Autosupport Portal (CSCup22667)
- Cisco Proactive Network Operations Center (CSCup24163)
- Cisco Registered Envelope Service (CRES) (CSCup22537)
- Cisco Smart Call Home (CSCup24112)
- Cisco Smart Care (CSCup24109)
- Cisco WebEx Messenger Service (CSCup21560)
Products Confirmed Not Vulnerable
Note: The following list includes Cisco applications that are intended to be installed on a customer-provided host (either a physical server or a virtual machine) with a customer-installed operating system. Those products may use the Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) functionality as provided by the host operating system on which the Cisco product is installed. While those Cisco products do not directly include an affected version of OpenSSL (and therefore are not impacted by this vulnerability), Cisco recommends that customers review their host operating system installation and perform any upgrades necessary to address this vulnerability, according to the operating system vendor recommendations and general operating system security best practices.
The following Cisco products have been analyzed and are not affected by this vulnerability:
Collaboration and Social Media
- Cisco Webex Social
Endpoint Clients and Client Software
- Cisco IP Communicator
- Cisco NAC Agent for Mac
- Cisco NAC Agent for Web
- Cisco NAC Agent for Windows
- Cisco UC Integration for Microsoft Lync
- Cisco Unified Personal Communicator
- Cisco Unified Video Advantage
- Webex Productivity Tools
Network Application, Service, and Acceleration
- Cisco ACE GSS 4400 Series Global Site Selector
- Cisco Application and Content Networking System (ACNS)
- Cisco Extensible Network Controller (XNC)
- Cisco Wide Area Application Services (WAAS) Mobile
Network and Content Security Devices
- Cisco Adaptive Security Device Manager
- Cisco Content Security Appliance Updater Servers
- Cisco IronPort Encryption Appliance (IEA)
- Cisco Physical Access Manager
Network Management and Provisioning
- Cisco Digital Media Manager (DMM)
- Cisco Discovery Service
- Cisco Insight Reporter
- Cisco Linear Stream Manager
- Cisco Prime Analytics
- Cisco Prime Cable Provisioning
- Cisco Prime Collaboration Assurance Manager
- Cisco Prime Home
- Cisco Prime Provisioning for SPs
- Cisco Show and Share (SnS)
- Cisco Unified Intelligence Center
- Cisco Unified Provisioning Manager (CUPM)
- Cisco Wireless Control System (WCS)
- CiscoWorks Network Compliance Manager
- Prime Collaboration Provisioning - 10.0
Routing and Switching - Enterprise and Service Provider
- Cisco Broadband Access Center Telco Wireless
- Cisco Nexus 4000 Series
Voice and Unified Communications Devices
- Cisco Billing and Measurements Server
- Cisco Finesse
- Cisco MGC Node Manage (CMNM)
- Cisco PSTN Gateway (PGW 2200)
- Cisco Remote Silent Monitoring
- Cisco SPA8000 8-port IP Telephony Gateway
- Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
- Cisco Unified 3900 series IP Phones
- Cisco Unified Contact Center Domain Manager
- Cisco Unified Contact Center Management Portal
- Cisco Unified Customer Voice Portal (CVP)
- Cisco Unified E-Mail Interaction Manager
- Cisco Unified Operations Manager (CUOM)
- Cisco Unified Service Monitor
- Cisco Unified Sip Proxy
- Cisco Unified Web Interaction Manager
- Cisco Virtual PGW 2200 Softswitch
- Exony VIM/CCDM/CCMP
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco AnyRes VOD (CAV)
- Cisco D9034-S Encoder
- Cisco D9054 HDTV Encoder
- Cisco D9804 Multiple Transport Receiver
- Cisco D9824 Advanced Multi Decryption Receiver
- Cisco D9854/D9854-I Advanced Program Receiver
- Cisco D9858 Advanced Receiver Transcoder
- Cisco D9859 Advanced Receiver Transcoder
- Cisco D9865 Satellite Receiver
- Cisco DCM Series 9900-Digital Content Manager
- Cisco TelePresence Management Suite (TMS)
- Cisco TelePresence Management Suite Analytics Extension (TMSAE)
- Cisco TelePresence Management Suite Extension (TMSXE)
- Cisco TelePresence Management Suite Extension for IBM
- Cisco TelePresence Management Suite Provisioning Extension
- Cisco TelePresence Manager (CTSMan)
- Cisco Unified Service Statistics Manager
Cisco Hosted Services
- Cisco One Portal
- Cisco Services Provisioning Platform (SPP)
- Cisco SmartConnection
- Cisco SmartReports
- Cisco Unified Services Delivery Platform (CUSDP)
- Cisco Universal Small Cell CloudBase
- Cisco WebEx WebOffice & Workspace
- Cisco Webex Messenger Service
-
The OpenSSL Project disclosed seven vulnerabilities on June 5, 2014. One or more of these vulnerabilities affect both client and server installations of OpenSSL. The vulnerability names and the associated Common Vulnerabilities and Exposures (CVE) IDs are as follows.
The impact of these vulnerabilities on Cisco products may vary depending on the affected product.
For Cisco products, please refer to the information provided in the Cisco bug IDs listed in the Affected Products section of this document. Additional information and detailed instructions are available in the Cisco installation, configuration, and maintenance guides for each product. If additional clarification or advice is needed, please contact your support organization.
SSL/TLS Man-in-the-Middle Vulnerability
An unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server could successfully execute a man-in-the-middle attack.
This vulnerability has been assigned CVE ID CVE-2014-0224.
DTLS Recursion Flaw Vulnerability
An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device.
This vulnerability has been assigned CVE ID CVE-2014-0221.
DTLS Invalid Fragment Vulnerability
An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges.
This vulnerability has been assigned CVE ID CVE-2014-0195.
SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device.
This vulnerability has been assigned CVE ID CVE-2014-0198.
SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition.
This vulnerability has been assigned CVE ID CVE-2010-5298.
Anonymous ECDH Denial of Service Vulnerability
An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition.
This vulnerability has been assigned CVE ID CVE-2014-3470.
ECDSA NONCE Side-Channel Recovery Attack Vulnerability
An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications.
This vulnerability has been assigned CVE ID CVE-2014-0076.
For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt
-
For potential workarounds on a specific Cisco product, refer to the Cisco bug ID, available from the Cisco Bug Search Tool.
Cisco has published an Event Response for this vulnerability:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_OpenSSL_06052014.html
-
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerabilities that are described in this advisory.
These vulnerabilities were publicly disclosed by the OpenSSL Project on June 5, 2014.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.28 2015-March-27 The Products Under Investigation, Vulnerable, and Confirmed Not Vulnerable sections have been updated. Advisory Status moved to Final, no additional updates expected. Revision 1.27 2015-March-13 The Products Under Investigation, Vulnerable, and Confirmed Not Vulnerable sections have been updated. Revision 1.26 2015-February-25 Updated the Affected Produccts and Confirmed Vulnerable Sections. Revision 1.25 2015-January-26 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Revision 1.24 2014-November-26 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Revision 1.23 2014-November-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.22 2014-October-30 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.21 2014-August-06 Updated the Affected Products and Vulnerable Products sections. Linked bug IDs of currently known affected products. Revision 1.20 2014-July-30 Added secondary bug ID CSCup22663 for Nexus 2000, 5000, 5600, and 6000. Updated the Vulnerable Products section. Linked bug IDs of currently known affected products. Revision 1.19 2014-July-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.18 2014-July-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.17 2014-July-14 Updated the Affected Products, Vulnerable Products. Linked bug IDs of currently known affected products. Revision 1.16 2014-July-09 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.15 2014-July-07 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.14 2014-July-03 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.13 2014-June-27 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.12 2014-June-25 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.11 2014-June-23 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.10 2014-June-20 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.9 2014-June-19 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.8 2014-June-18 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.7 2014-June-16 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.6 2014-June-13 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.5 2014-June-12 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.4 2014-June-11 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.3 2014-June-10 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Provided clarification in Products Confirmed Not Vulnerable section regarding customer-maintained operating systems. Revision 1.2 2014-June-09 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products. Revision 1.1 2014-June-06 Updated the Affected Products and Products Confirmed Not Vulnerable sections. Revision 1.0 2014-June-05 Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.