On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.” Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.” Of the 16 released vulnerabilities: Fourteen track issues that could result in a denial of service (DoS) condition One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system Five of the 16 vulnerabilities exclusively affect the recently released OpenSSL versions that are part of the 1.1.0 release series, which has not yet been integrated into any Cisco product. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
Cable Modems | ||
Cisco IOS XE Software - Web user interface only | CSCvc32062 | |
Collaboration and Social Media | ||
Cisco SocialMiner | CSCvb50787 | |
Cisco Unified MeetingPlace | CSCvb48712 | 8.6MR1 (14-Oct-2016) |
Cisco WebEx Meetings Server Release 1.x | CSCvb48548 | 2.6.1.3xx (12-Oct-2016) |
Cisco WebEx Meetings Server Release 2.x | CSCvb48548 | 2.6.1.3xx (12-Oct-2016) |
Cisco WebEx Node for MCS | CSCvb48543 | Affected versions will be updated (25-Oct-2016) |
Endpoint Clients and Client Software | ||
Cisco Agent for OpenFlow | CSCvb48661 | No fix is expected. |
Cisco AnyConnect Secure Mobility Client for Android | CSCvb48664 | 4.0.7 (31-Oct-2016) |
Cisco AnyConnect Secure Mobility Client for Desktop Platforms | CSCvb48665 | 4.4 (30-Nov-2016) 4.3.4 (31-Dec-2016) |
Cisco AnyConnect Secure Mobility Client for Linux | CSCvb48663 | 4.0.7 (31-Oct-2016) |
Cisco AnyConnect Secure Mobility Client for Mac OS X | CSCvb48663 | 4.0.7 (31-Oct-2016) |
Cisco AnyConnect Secure Mobility Client for Windows | CSCvb48663 | 4.0.7 (31-Oct-2016) |
Cisco AnyConnect Secure Mobility Client for iOS | CSCvb48663 | 4.0.7 (31-Oct-2016) |
Cisco Jabber Client Framework (JCF) Components | CSCvb45724 | 11.8.0 (15-Nov-2016) |
Cisco Jabber Guest | CSCvb48710 | 11.0 (30-Nov-2016) |
Cisco Jabber Software Development Kit | CSCvb47717 | 11.8.0 (15-Nov-2016) |
Cisco Jabber for Android | CSCvb48725 | 11.8.0 1 (15-Nov-2016) |
Cisco Jabber for Mac | CSCvb48290 | 11.8.0 (15-Nov-2016) |
Cisco Jabber for Windows | CSCvb48708 | 11.8.0 (15-Nov-2016) |
Cisco WebEx Business Suite | CSCvb48552 | |
Cisco WebEx Meetings Client - Hosted | CSCvb48553 | T32 (21-Nov-2016) |
Cisco WebEx Meetings Client - On-Premises | CSCvb48547 | T32 (1-Nov-2016) |
Cisco WebEx Meetings Server - Multimedia Platform (MMP) | CSCvb48554 | Affected versions have been updated. |
Cisco WebEx Meetings for Android | CSCvb48544 | Affected versions will be updated (31-Oct-2016) |
Cisco WebEx Meetings for BlackBerry | CSCvb48545 | Users need to Update BlackBerry OS |
Cisco WebEx Meetings for Windows Phone 8 | CSCvb48546 | 2.8 (11-Nov-2016) |
Network Application, Service, and Acceleration | ||
Cisco ACE 4710 Application Control Engine - Running Software Release A5 | CSCvb48557 | No fix is expected. |
Cisco ACE30 Application Control Engine Module | CSCvb48557 | No fix is expected. |
Cisco Application and Content Networking System (ACNS) | CSCvb48634 | No fix is expected. |
Cisco InTracer | CSCvb48517 | No fix is expected. |
Cisco NAC Appliance - Clean Access Manager | CSCvb48635 | No fix is expected. |
Cisco Visual Quality Experience Server | CSCvb48633 | Affected versions will be fixed (28-Oct-16) |
Cisco Visual Quality Experience Tools Server | CSCvb48633 | Affected versions will be fixed (28-Oct-16) |
Cisco Wide Area Application Services (WAAS) | CSCvb48643 | All affected versions fixed (11-Sept-2016) |
Network and Content Security Devices | ||
Cisco ASA Next-Generation Firewall Services | CSCvb48642 | 2.1.2 (Dec. 2016) |
Cisco Adaptive Security Appliance (ASA) | CSCvb48640 | |
Cisco Clean Access Manager | CSCvb48636 | No fix is expected. |
Cisco Content Security Appliance Update Servers | CSCvb48539 | Affected versions will be updated (21-Oct-2016) |
Cisco Content Security Management Appliance (SMA) | CSCvb48537 | 11.0.0-115 |
Cisco Email Security Appliance (ESA) | CSCvb48533 | 11.0 (Available) |
Cisco FireSIGHT System Software | CSCvb48536 | 5.4.0.10 (5-Dec-2016) 5.4.1.9 (5-Dec-2016) 6.0.1.3 (21-Nov-2016) 6.1.0.1 (31-Oct-2016) |
Cisco Identity Services Engine (ISE) | CSCvb48654 | |
Cisco Intrusion Prevention System (IPS) Solutions | CSCvb48667 | No fix is expected. |
Cisco NAC Appliance - Clean Access Server | CSCvb48637 | No fix is expected. |
Cisco NAC Guest Server | CSCvb48638 | No fix is expected. |
Cisco Secure Access Control System (ACS) | CSCvb48662 | 5.8.0.32.7 (Jan-2017) 5.8.0.32.8 (Jan-2017) |
Cisco Web Security Appliance (WSA) | CSCvb48542 | Affected versions will be updated (1-May-2017) |
Network Management and Provisioning | ||
Cisco Application Networking Manager | CSCvb48558 | No fix is expected. |
Cisco Application Policy Infrastructure Controller (APIC) | CSCvb48563 | 2.2(1) (Jan-2017) |
Cisco Cloupia Unified Infrastructure Controller | CSCvb48560 | FB_MR1 (9-Dec-2016) |
Cisco Digital Media Manager | CSCvb48609 | 5.3.6_RB3 (29-Oct-2016) 5.4.1_RB4 (29-Oct-2016) |
Cisco Management Appliance | CSCvb48524 | Affected versions will be fixed (25-Jan-2017) |
Cisco Mobile Wireless Transport Manager | CSCvb48600 | No fix is expected. |
Cisco Multicast Manager | CSCvb48586 | No fix is expected. |
Cisco NetFlow Generation Appliance | CSCvb48596 | 1.1(1) (14-Oct-2016) |
Cisco Network Analysis Module | CSCvb48593 | 6.2(1-b) (14-Oct-2016) 6.2(2) (14-Oct-2016) |
Cisco Packet Tracer | CSCvb48617 | Affected versions have been updated. |
Cisco Policy Suite | CSCvc39197 | 12.0 (3-Mar-2017) |
Cisco Prime Access Registrar | CSCvb48589 | |
Cisco Prime Collaboration Assurance | CSCvb48599 | PCA 11.6 (Nov-2016) |
Cisco Prime Collaboration Deployment | CSCvb48693 | |
Cisco Prime Collaboration Provisioning | CSCvb48598 | 11.6 (7-Oct-2016) |
Cisco Prime Data Center Network Manager | CSCvb48562 | DCNM 10.2.(1) (1-May-2017) |
Cisco Prime IP Express | CSCvb48591 | |
Cisco Prime Infrastructure Plug and Play Standalone Gateway | CSCvb48594 | No fix is expected. |
Cisco Prime Infrastructure | CSCvb48595 | 3.2: (First quarter 2017) |
Cisco Prime LAN Management Solution - Solaris | CSCvb48585 | 4.2.5 (Available) MR5 (30-May-2017) |
Cisco Prime License Manager | CSCvb48619 | |
Cisco Prime Network Registrar | CSCvb48587 | CPNR 8.3.5 (Jan. 2017) CPNR 9.0 (Dec. 2016) |
Cisco Prime Network Services Controller | CSCvb48602 | Moved to openssl 1.01u (6-Oct-2016) |
Cisco Prime Network | CSCvb48581 | PN 431 (Dec. 2016) |
Cisco Prime Optical for Service Providers | CSCvb48590 | |
Cisco Prime Performance Manager | CSCvb48582 | 1.7.0 SP1611 (30-Nov-2016) |
Cisco Security Manager | CSCvb17176 | 4.13 (30-Jan-2017) 4.12 (30-Oct-2016) |
Cisco Smart Net Total Care - Local Collector appliance | CSCvb48680 | Affected versions will be updated (4-Nov-2016) |
Cisco UCS Central Software | CSCvb48578 | Affected versions will be fixed Mar 2017. |
Cisco Unified Intelligence Center | CSCvb50784 | 11.6(1) (15-Jun-2017) |
Lancope Stealthwatch Endpoint Concentrator | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Lancope Stealthwatch FlowCollector NetFlow | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Lancope Stealthwatch FlowCollector sFlow | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Lancope Stealthwatch FlowSensor | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Lancope Stealthwatch SMC | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Lancope Stealthwatch UDP Director | lancopeSep | 6.7.4 (Available) 6.8.3 (14-Nov-2016) 6.9.0 (Feb 2017) Patches: patch-common-LVA-ROLLUP001-6.7.x-6.7.4-03.swu (Available) patch-common-LVA-ROLLUP001-6.8.x-6.8.3-03.swu (Available) |
Routing and Switching - Enterprise and Service Provider | ||
Cisco 910 Industrial Router | CSCvb48671 | 1.2.1RB4 (Available) |
Cisco ASR 5000 Series | CSCvb31279 | 21.2.0 (30-Apr-2017) |
Cisco Connected Grid Routers - Running Cisco CG-OS Software | CSCvb48559 | 7.3 (27-Oct-2016) |
Cisco Connected Grid Routers | CSCvb48684 | 15.008.009 (26-Oct-2016) |
Cisco IOS XR Software | CSCvb48604 | 6.3.1 (1-July-2017) |
Cisco IOS and Cisco IOS XE Software (16.3 and earlier releases) | CSCvb92562 | 16.4(2) 16.3(2) 15.5(3)M5 15.5(3)S5 See BST for more fix information. |
Cisco IOS and Cisco IOS XE Software (16.4 and later releases) | CSCvb48683 | 16.4(2) 16.3(2) 15.5(3)M5 15.5(3)S5 See BST for more fix information. |
Cisco MDS 9000 Series Multilayer Switches | CSCvb48567 | 5.2.8(i) (Dec 2016) 6.2.19 (Dec. 2016) |
Cisco MDS 9000 Series Multilayer Switches | CSCvb48568 | 5.2.8(i) (Dec. 2016) 6.2.19 (Dec. 2016) |
Cisco Nexus 1000V InterCloud | CSCvb48566 | |
Cisco Nexus 1000V Series Switches | CSCvb48570 | 5.2(1)SV3(2.5) (17-Dec-2016) |
Cisco Nexus 3000 Series Switches | CSCvb48572 | 6.0(2)A8(3) (Available) |
Cisco Nexus 4000 Series Blade Switches | CSCvb48670 | 4.1(2)E1(1r) (3-Mar-2017) |
Cisco Nexus 5000 Series Switches | CSCvb48568 | 5.2.8(i) (Dec. 2016) 6.2.19 (Dec. 2016) |
Cisco Nexus 5000 Series Switches | CSCvb48573 | |
Cisco Nexus 6000 Series Switches | CSCvb48568 | 5.2.8(i) (Dec. 2016) 6.2.19 (Dec. 2016) |
Cisco Nexus 7000 Series Switches | CSCvb48568 | 5.2.8(i) (Dec. 2016) 6.2.19 (Dec. 2016) |
Cisco Nexus 9000 Series Fabric Switches - ACI mode | CSCvb48565 | Danube 12.2(2x) (1-Dec-2016) |
Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode | CSCvb48569 | 7.0(3)I5(1) (15-Oct-2016) |
Cisco ONS 15454 Series Multiservice Provisioning Platforms | CSCvb48647 | 10.7 (31-Jan-2017) |
Cisco Service Control Operating System | CSCvb48685 | Affected versions will be updated (15-Jan-2017) |
Cisco onePK All-in-One Virtual Machine | CSCvb48646 | Customers are advised to keep the software in their virtual machine installations up to date using the software upgrade utilities provided by the operating system. |
Routing and Switching - Small Business | ||
Cisco 220 Series Smart Plus (Sx220) Switches | CSCvb48655 | |
Cisco 500 Series Stackable (Sx500) Managed Switches | CSCvb48660 | No fix is expected. |
Cisco Small Business 300 Series (Sx300) Managed Switches | CSCvb48659 | No fix is expected. |
Unified Computing | ||
Cisco Common Services Platform Collector | CSCvb48520 | CASP 1.11 (Dec-2016) |
Cisco UCS 6200 Series and 6300 Series Fabric Interconnects | CSCvb48644 | Affected systems will be updated (15-Dec-2016) |
Cisco UCS B-Series Blade Servers | CSCvb48577 | 3.1.3: TBD |
Cisco UCS Director | CSCvb48561 | |
Cisco UCS Manager | CSCvb48645 | Affected versions will be fixed (15-Dec-2016) |
Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller | CSCvb48579 | 3.0.0 (30-Nov-2016) |
Cisco Virtual Security Gateway | CSCvb48574 | 2.1.6 (2-Feb-2017) |
Voice and Unified Communications Devices | ||
Cisco ATA 187 Analog Telephone Adaptor | CSCvb48718 | |
Cisco ATA 190 Series Analog Terminal Adaptors | CSCvb48690 | 1.3.0: (1-Oct-2017) |
Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCvb48695 | |
Cisco Computer Telephony Integration Object Server (CTIOS) | CSCvb48529 | 11.6.1 (1-July-2017) |
Cisco DX Series IP Phones | CSCvb48720 | Affected versions will be updated (3-Mar-2017) |
Cisco Emergency Responder | CSCvb48700 | Affected versions will be updated (20-Oct-2016) |
Cisco Hosted Collaboration Mediation Fulfillment | CSCvb48703 | 11.5(1) (22-Dec-2016) |
Cisco IP 7800 Series Phones | CSCvb48723 | |
Cisco IP 8800 Series Phones - VPN feature | CSCvb48721 | |
Cisco IP Interoperability and Collaboration System (IPICS) | CSCvb48628 | 5.0.2 (14-April-2017) |
Cisco Jabber for iPhone and iPad | CSCvb48705 | 11.8.0 (15-Nov-2016) |
Cisco MediaSense | CSCvb50790 | |
Cisco Packaged Contact Center Enterprise | CSCvb48530 | No fix is expected. |
Cisco Paging Server (InformaCast) | CSCvb48704 | All affected versions will be fixed (Oct-2016) |
Cisco Paging Server | CSCvb48704 | All affected versions will be fixed (Oct-2016) |
Cisco SPA112 2-Port Phone Adapter | CSCvb48656 | 1.4.2: (1-Oct-2017) |
Cisco SPA122 Analog Telephone Adapter (ATA) with Router | CSCvb48656 | 1.4.2: (1-Oct-2017) |
Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) | CSCvb48656 | 1.4.2: (1-Oct-2017) |
Cisco SPA525G 5-Line IP Phone | CSCvb48657 | No fix is expected. |
Cisco TAPI Service Provider (TSP) | CSCvb48692 | No fix is expected. |
Cisco UC Integration for Microsoft Lync | CSCvb48697 | 11.6.3 (1-Nov-2016) |
Cisco Unified Attendant Console Advanced | CSCvb48688 | 12.0(1) (Available) |
Cisco Unified Attendant Console Business Edition | CSCvb48688 | 12.0(1) (Available) |
Cisco Unified Attendant Console Department Edition | CSCvb48688 | 12.0(1) (Available) |
Cisco Unified Attendant Console Enterprise Edition | CSCvb48688 | 12.0(1) (Available) |
Cisco Unified Attendant Console Premium Edition | CSCvb48688 | 12.0(1) (Available) |
Cisco Unified Attendant Console Standard | CSCvb48689 | 11.0.2 patch (Available) |
Cisco Unified Communications Domain Manager | CSCvb48696 | 11.5(1) (16-Dec-2016) |
Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | CSCvb48701 | Affected versions will be updated (20-Oct-2016) |
Cisco Unified Communications Manager Session Management Edition | CSCvb48691 | Affected versions will be updated (20-Oct-2016) |
Cisco Unified Communications Manager | CSCvb48691 | Affected versions will be updated (20-Oct-2016) |
Cisco Unified Contact Center Enterprise - Live Data server | CSCvb50785 | |
Cisco Unified Contact Center Enterprise | CSCvb48529 | 11.6.1 (1-July-2017) |
Cisco Unified Contact Center Express | CSCvb50788 | 11.6: (10-Nov-2016) |
Cisco Unified IP 6901 Phone | CSCvb48713 | 9.3(1)SR3 (June 2016) |
Cisco Unified IP 6945 Phone | CSCvb48719 | |
Cisco Unified IP 7900 Series Phones | CSCvb48724 | No fix is expected. |
Cisco Unified IP 8831 Conference Phone for Third-Party Call Control | CSCvb48687 | 9.3(4)SR3 (13-May-2017) |
Cisco Unified IP 8831 Conference Phone | CSCvb48716 | 10.3.1SR4 (30-Nov-2017) |
Cisco Unified IP 8945 Phone | CSCvb48715 | 9.4.2SR4 (10-Nov-2017) |
Cisco Unified IP 8961 Phone | CSCvb48702 | |
Cisco Unified IP 9951 Phone | CSCvb48702 | |
Cisco Unified IP 9971 Phone | CSCvb48702 | |
Cisco Unified Intelligent Contact Management Enterprise | CSCvb48529 | 11.6.1 (1-July-2017) |
Cisco Unified SIP Proxy Software | CSCvb48516 | 10.0 (Mar-2017) |
Cisco Unified Wireless IP Phone | CSCvb48729 | |
Cisco Unified Workforce Optimization - Quality Management Solution | CSCvb48727 | 11.5(1)SU1 (31-Dec-2016) |
Cisco Unified Workforce Optimization | CSCvb48728 | |
Cisco Unity Connection | CSCvb48694 | |
Cisco Unity Express | CSCvb48514 | 10.0 (1-Feb-2017) |
Cisco Virtualization Experience Media Edition | CSCvb48726 | 11.8.0 (29-Nov-2016) |
Video, Streaming, TelePresence, and Transcoding Devices | ||
Cisco 4300 Series Digital Media Players | CSCvb48608 | 5.3.6_RB3 (29-Oct-2016) 5.4.1_RB4 (29-Oct-2016) |
Cisco 4400 Series Digital Media Players | CSCvb48608 | 5.3.6_RB3 (29-Oct-2016) 5.4.1_RB4 (29-Oct-2016) |
Cisco Cloud Object Storage | CSCvb48630 | Affected versions will be fixed (30-Oct-2016) |
Cisco DCM Series D990x Digital Content Manager | CSCvb48580 | |
Cisco Edge 300 Digital Media Player | CSCvb48672 | 1.6RB5 (26-Oct-2016) |
Cisco Edge 340 Digital Media Player | CSCvb48673 | 1.2RB1.0.3 (26-Oct-2016) |
Cisco Enterprise Content Delivery System (ECDS) | CSCvb48610 | 2.6.9 (7-Jan-2017) |
Cisco Expressway Series | CSCvb48625 | X8.8.3 (24-Oct-2016) |
Cisco MXE 3500 Series Media Experience Engines | CSCvb48615 | Affected versions will be fixed (7-Oct-2016) |
Cisco Media Services Interface | CSCvb48605 | No fix is expected. |
Cisco Show and Share | CSCvb48621 | No fix is expected. |
Cisco TelePresence Conductor | CSCvb48607 | XC4.3.1 (29-March-2017) |
Cisco TelePresence Content Server | CSCvb48623 | Affected versions will be updated (17-Oct-2016) |
Cisco TelePresence ISDN Gateway 3241 | CSCvb48611 | 2.2(1.122) (31-March-2017) |
Cisco TelePresence ISDN Gateway MSE 8321 | CSCvb48611 | 2.2(1.122) (31-March-2017) |
Cisco TelePresence ISDN Link | CSCvb48612 | |
Cisco TelePresence MCU 4200 Series, 4500 Series, 5300 Series, MSE 8420, and MSE 8510 | CSCvb48613 | MCU 4.5(1.89) (9-Dec-2016) |
Cisco TelePresence MX Series | CSCvb51602 | TC7.3.7 (Fix Available Now) CE8.2.2 (Oct. 2016) |
Cisco TelePresence Profile Series | CSCvb51602 | TC7.3.7 (Fix Available Now) CE8.2.2 (Oct. 2016) |
Cisco TelePresence SX Series | CSCvb51602 | TC7.3.7 (Fix Available Now) CE8.2.2 (Oct. 2016) |
Cisco TelePresence Serial Gateway Series | CSCvb48620 | |
Cisco TelePresence Server 7010 and MSE 8710 | CSCvb48624 | 4.4 (Nov 2016) |
Cisco TelePresence Server on Multiparty Media 310 and 320 | CSCvb48624 | 4.4 (Nov 2016) |
Cisco TelePresence Server on Multiparty Media 820 | CSCvb48624 | 4.4 (Nov 2016) |
Cisco TelePresence Server on Virtual Machine | CSCvb48624 | 4.4 (Nov 2016) |
Cisco TelePresence Supervisor MSE 8050 | CSCvb48614 | |
Cisco TelePresence System 1000 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System 1100 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System 1300 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System 3000 Series | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System 500-32 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System 500-37 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence System EX Series | CSCvb51602 | TC7.3.7 (Fix Available Now) CE8.2.2 (Oct.2016) |
Cisco TelePresence System TX1310 | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence TX9000 Series | CSCvb48686 | 1.0.2 (28-Feb-2017) |
Cisco TelePresence Video Communication Server (VCS) | CSCvb48625 | X8.8.3 (24-Oct-2016) |
Cisco Telepresence Integrator C Series | CSCvb51602 | TC7.3.7 (Fix available now) CE8.2.2 (Oct.2016) |
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCvb48631 | 4.003(002) (Oct. 2016) |
Cisco Video Surveillance 3000 Series IP Cameras | CSCvb48651 | 2.9 (16-Jan-2017) |
Cisco Video Surveillance 4000 Series High-Definition IP Cameras | CSCvb48649 | 2.9 (16-Jan-2017) |
Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras | CSCvb48650 | 2.9 (16-Jan-2017) |
Cisco Video Surveillance 6000 Series IP Cameras | CSCvb48651 | 2.9 (16-Jan-2017) |
Cisco Video Surveillance 7000 Series IP Cameras | CSCvb48651 | 2.9 (16-Jan-2017) |
Cisco Video Surveillance Media Server | CSCvb48653 | VSM 7.9 (16-Dec-2016) |
Cisco Video Surveillance PTZ IP Cameras | CSCvb48651 | 2.9 (16-Jan-2017) |
Cisco Videoscape AnyRes Live | CSCvb48677 | CAL 9.7.2 (Oct. 2016) |
Cisco Videoscape Control Suite | CSCvb48629 | |
Tandberg Codian ISDN Gateway 3210, 3220, and 3240 | CSCvb48611 | 2.2(1.122) (31-March-2017) |
Tandberg Codian MSE 8320 | CSCvb48611 | 2.2(1.122) (31-March-2017) |
Wireless | ||
Cisco 5760 Wireless LAN Controller | CSCvd82146 | No fix is expected. |
Cisco Aironet 1040 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1130 AG Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1140 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1200 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1530 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1550 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1570 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1600 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 1700 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 2600 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 2700 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 3500 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 3600 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 3700 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 700 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Aironet 700W Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Industrial Wireless 3700 Series | CSCvb48583 | 16.4 (20-Oct-2016) 16.3 (20-Oct-2016) 16.2 (25-Oct-2016) 16.1 (25-Oct-2016) 15.5(3) (25-Oct-2016) |
Cisco Mobility Services Engine | CSCvb48592 | 8.0.150.0 (31-Dec-2016) |
Cisco Wireless LAN Controller | CSCvb48603 | 8.4 (Feb. 2017) 8.3 (Feb. 2017) |
Cisco Hosted Services | ||
Cisco Cloud Web Security | CSCvb48668 | |
Cisco Network Performance Analysis | CSCvb48682 | Affected versions will be fixed (28-Oct-2016) |
Cisco Partner Support Service 1.x | CSCvb48641 | No fix is expected. |
Cisco Proactive Network Operations Center | CSCvb48523 | No fix is expected. |
Cisco Registered Envelope Service | CSCvb48531 | Affected services have been updated. |
Cisco Services Provisioning Platform | CSCvb48730 | SFP1.1 (26-Oct-2016) |
Cisco Smart Care | CSCvb48639 | No fix is expected. |
Cisco Universal Small Cell 5000 Series - Running Release 3.4.2.x | CSCvb48676 | 3.5.12.23 (31-Jan-2017) |
Cisco Universal Small Cell 7000 Series - Running Release 3.4.2.x | CSCvb48676 | 3.5.12.23 (31-Jan-2017) |
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem - Releases 2.99.4 and later | CSCvb48674 | 3.17.3 (30-Nov-2016) |
Cisco Universal Small Cell Iuh | CSCvb48675 | 3.17.3 (30-Nov-2016) |
Cisco WebEx Centers - Meeting Center, Training Center, Event Center, Support Center | CSCvb48555 | T32 (15-Nov-2016) |
Cisco WebEx Meeting Center | CSCvb48556 | WebEx11 v1.3.26 (31-Dec-2016) |
Cisco WebEx Messenger Service | CSCvb48551 | Affected versions have been updated. |
Network Health Framework | CSCvb48681 | Affected versions will be fixed (28-Oct-2016) |
Services Analytics Platform | CSCvb48526 | The deployment will be updated during the second quarter of 2017. |
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.18 | Updated the fixed release information for Cisco SMA to reflect the SMA version that was fixed. | Vulnerable Products | Final | 2018-December-27 |
1.17 | Updated the fixed release information for Cisco ESA to convey that the fixes were not integrated in any 10.x release. | Vulnerable Products | Final | 2018-December-19 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.