On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016. OpenSSL classifies all the new vulnerabilities as “Moderate Severity.” The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when connecting to a malicious server. The third vulnerability affects only systems based on x86_64 architecture. A successful exploit of the third vulnerability could allow the attacker to access sensitive private key information. Multiple Cisco products incorporate a version of the OpenSSL package that is affected by one or more of these vulnerabilities. There are no Cisco products affected by the vulnerability identified by CVE ID CVE-2017-3730. On February 16, 2017, the OpenSSL Software Foundation released another security advisory that included one high severity vulnerability identified by CVE ID CVE-2017-3733. There are no Cisco products affected by this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
Collaboration and Social Media | ||
Cisco SocialMiner | CSCvc98364 | |
Cisco WebEx Meetings Server Releases 1.x | CSCvc94595 | CWMS 2.8 (31-March-2017) |
Cisco WebEx Meetings Server Releases 2.x | CSCvc94595 | CWMS 2.8 (31-March-2017) |
Endpoint Clients and Client Software | ||
Cisco Jabber Guest | CSCvc94762 | 11.0(1) (31-May-2017) |
Cisco Jabber Software Development Kit | CSCvc94759 | 11.9 (30-June-2017) |
Cisco Jabber for Mac | CSCvc94758 | 11.9 (30-June-2017) |
Cisco Jabber for Windows | CSCvc94760 | 11.9.0 (28-Jun-2017) |
Cisco WebEx Business Suite | CSCvc94597 | NBR 3.6.0 (30-March-2017) |
Cisco WebEx Meetings Client - Hosted | CSCvc96091 | 31.12 (28-Feb-2017) |
Cisco WebEx Meetings Client - On-Premises | CSCvc96090 | 31.12 (28-Feb-2017) |
Cisco WebEx Meetings Server - Multimedia Platform (MMP) | CSCvc96092 | 6.0.325 (Available) |
Network and Content Security Devices | ||
Cisco Content Security Appliance Update Servers | CSCvc94591 | 2.0.3-111 (3-Mar-2017) |
Cisco Content Security Management Appliance (SMA) | CSCvc94590 | 11.5 (September - 2017) |
Cisco Email Security Appliance (ESA) | CSCvc94585 | 11.5 (September - 2017) |
Cisco FireSIGHT System Software | CSCvc94589 | 6.2.0.1 (April-2017) 6.1.0.3 (July-2017) 6.0.1.3 (June-2017) 5.4.0.11/5.4.1.10 (July-2017) |
Cisco Identity Services Engine (ISE) | CSCvc94692 | |
Cisco Web Security Appliance (WSA) | CSCvc94592 | 11.5 (September - 2017) |
Network Management and Provisioning | ||
Cisco Application Policy Infrastructure Controller (APIC) | CSCvc96095 | 2.3 (June-2017) |
Cisco MATE Collector | CSCvc94716 | |
Cisco MATE Design | CSCvc94716 | |
Cisco MATE Live | CSCvc94716 | |
Cisco NetFlow Generation Appliance | CSCvc94643 | 1.1.1 (13-April-2017) 1.1.1a (13-April-2017) |
Cisco Network Analysis Module | CSCvc94637 | 6.2.1 (13-April-2017) 6.2.2 (13-April-2017) |
Cisco Prime Access Registrar | CSCvc94632 | 8.0 (30-July-2017) |
Cisco Prime Collaboration Assurance | CSCvc96099 | Fix Already Available in PCA 11.6 |
Cisco Prime Collaboration Deployment | CSCvc96106 | |
Cisco Prime Data Center Network Manager | CSCvc94601 | 10.2.1 (21-April-17) |
Cisco Prime IP Express | CSCvc94634 | 8.3.5 (28-Feb-2017) |
Cisco Prime Infrastructure | CSCvc94641 | 3.2: (31-March-2017) 3.1.6 (31-March-2017) |
Cisco Prime License Manager | CSCvc94662 | 11.5 (1.12001-2) (7-April-2017 |
Cisco Prime Network Registrar | CSCvc94629 | 8.3.5 (28-Feb-2017) |
Cisco Prime Optical for Service Providers | CSCvc94633 | 10.6.1.0 (Feb-2017) |
Cisco Prime Performance Manager | CSCvc94623 | SP1703 (31-March-2017) |
Cisco Smart Net Total Care - Local Collector appliance | CSCvc94723 | 2.2.14 (10-Feb-2017) |
Cisco Unified Intelligence Center | CSCvc98361 | |
Routing and Switching - Enterprise and Service Provider | ||
Cisco ASR 5000 Series | CSCvc94556 | 21.2.0 (30-April-2017) |
Cisco Application Policy Infrastructure Controller (APIC) | CSCvc94602 | 2.3 (July - 2017) |
Cisco Connected Grid Routers | CSCvc94730 | 15.6(3)M2 (31-Mar-2017) |
Cisco IOS XR Software | CSCvc94649 | 6.3.1 |
Cisco IOS and Cisco IOS XE Software | CSCvc94729 | 16.6 (15-Feb-2017) |
Cisco MDS 9000 Series Multilayer Switches | CSCvc94605 | 6.2.21 No fix available yet 8.2.1 (Sept. 2017) 7.0.3.I6 (Mar. 2017) |
Cisco MDS 9000 Series Multilayer Switches | CSCvc94606 | MDS 9000: 6.2.21 No fix available yet N5K N6K : No Fix Expected N7K: 8.2.1 (Sept. 2017) N3K N9K 7.0.3.I6 (April 2017) |
Cisco Nexus 1000V InterCloud | CSCvc94604 | No Fix Expected |
Cisco Nexus 3000 Series Switches | CSCvc94609 | 6.0(2)A8(4) (15-Apr-2017) |
Cisco Nexus 4000 Series Blade Switches | CSCvc94709 | 4.1(2)E1(1s) (15-July-2017) |
Cisco Nexus 5000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21 No fix available yet N5K N6K : No Fix Expected N7K: 8.2.1 (Sept. 2017) N3K N9K 7.0.3.I6 (April 2017) |
Cisco Nexus 5000 Series Switches | CSCvc94610 | 7.3 (02-May-2017) |
Cisco Nexus 6000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21 No fix available yet N5K N6K : No Fix Expected N7K: 8.2.1 (Sept. 2017) N3K N9K 7.0.3.I6 (April 2017) |
Cisco Nexus 7000 Series Switches | CSCvc94606 | MDS 9000: 6.2.21 No fix available yet N5K N6K : No Fix Expected N7K: 8.2.1 (Sept. 2017) N3K N9K 7.0.3.I6 (April 2017) |
Cisco Nexus 9000 Series Fabric Switches - ACI mode | CSCvc94603 | 12.3x Drava (Jun-2017) |
Unified Computing | ||
Cisco Common Services Platform Collector | CSCvc94568 | CASP 1.12 (10-March-2017) |
Cisco UCS 6200 Series and 6300 Series Fabric Interconnects | CSCvc94686 | 3.2.3 (14-Apr-2017) |
Cisco UCS B-Series Blade Servers | CSCvc94616 | 3.2 (June-2017) |
Cisco UCS Director | CSCvc96093 | 6.1 GlacierBay (31-May-2017) |
Cisco UCS Manager | CSCvc96103 | 3.2.3 (14-April-2017) |
Voice and Unified Communications Devices | ||
Cisco ATA 187 Analog Telephone Adaptor | CSCvc94765 | No Fix Expected |
Cisco Agent Desktop for Cisco Unified Contact Center Express | CSCvc94745 | EoSWM (16-July-2016) No Fix Expected |
Cisco Agent Desktop | CSCvc94581 | No Fix Expected |
Cisco Emergency Responder | CSCvc94749 | CER 12.0 (July-2017) |
Cisco Finesse | CSCvc98369 | |
Cisco Hosted Collaboration Mediation Fulfillment | CSCvc94752 | |
Cisco IP 7800 Series Phones | CSCvc94768 | 12.0 (31-Aug-2017) |
Cisco IP 8800 Series Phones - VPN feature | CSCvc94767 | 12.0 (12-DEC-2017) |
Cisco MediaSense | CSCvc98372 | 11.5 SU02 (4-Aug-2017) |
Cisco Unified Attendant Console Advanced | CSCvc94735 | 11.0.2 (3-April-2017) |
Cisco Unified Attendant Console Business Edition | CSCvc94735 | 11.0.2 (3-April-2017) |
Cisco Unified Attendant Console Department Edition | CSCvc94735 | 11.0.2 (3-April-2017) |
Cisco Unified Attendant Console Enterprise Edition | CSCvc94735 | 11.0.2 (3-April-2017) |
Cisco Unified Attendant Console Premium Edition | CSCvc94735 | 11.0.2 (3-April-2017) |
Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | CSCvc94750 | |
Cisco Unified Communications Manager Session Management Edition | CSCvc94740 | |
Cisco Unified Communications Manager | CSCvc94740 | |
Cisco Unified Contact Center Express | CSCvc96176 | 11.6(1) (30-April-2017) |
Cisco Unified IP 7937 Phone | CSCvc96113 | No Fix Expected |
Cisco Unified IP 8945 Phone | CSCvc96109 | 9.4(2)SR4 (Dec-2017) |
Cisco Unity Connection | CSCvc94741 | 12.0: Available 11.5: Available |
Cisco Virtualization Experience Media Edition | CSCvc94773 | 11.9 (30-June-2017) |
Cisco Virtualized Voice Browser | CSCvc98374 | 11.6.1 (10-May-2017) |
Video, Streaming, TelePresence, and Transcoding Devices | ||
Cisco 4300 Series Digital Media Players | CSCvc94651 | 5.4.1(RB3) (25-Feb-2017) 5.3.6(RB3) (25-Feb-2017) |
Cisco 4400 Series Digital Media Players | CSCvc94651 | 5.4.1(RB3) (25-Feb-2017) 5.3.6(RB3) (25-Feb-2017) |
Cisco Cloud Object Storage | CSCvc94672 | 3.14.0 (30-March-2017) |
Cisco Edge 300 Digital Media Player | CSCvc94710 | 1.6RB5_2 (01-March-2017) |
Cisco Edge 340 Digital Media Player | CSCvc94713 | 1.2RB1.0.6 ( 2-March-2017) |
Cisco Expressway Series | CSCvc94669 | X8.9.2 (31-Mar-2017) |
Cisco TelePresence Conductor | CSCvc94650 | 4.3.1 (29-Mar-2017) |
Cisco TelePresence MX Series | CSCvc94665 | CE8.3.2 (April-2017) 7.3.10 (August-2017) |
Cisco TelePresence Profile Series | CSCvc94665 | CE8.3.2 (April-2017) 7.3.10 (August-2017) |
Cisco TelePresence SX Series | CSCvc94665 | CE8.3.2 (April-2017) 7.3.10 (August-2017) |
Cisco TelePresence System 1000 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System 1100 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System 1300 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System 3000 Series | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System 500-32 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System 500-37 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence System EX Series | CSCvc94665 | CE8.3.2 (April-2017) 7.3.10 (August-2017) |
Cisco TelePresence System TX1310 | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence TX9000 Series | CSCvc94733 | 500-32 - CTS6.1.13(6) (10-April-2017) 1300 - CTS6.1.13(6) (10-April-2017) TX1310 - CTS6.1.13(6) (10-April-2017) TX9000 Series - CTS6.1.13(6) (10-April-2017) 500-37- CTS1.10.16(4) (10-April-2017) 1000 - CTS1.10.16(4) (10-April-2017) 1100 - CTS1.10.16(4) (10-April-2017) 3000 Series - CTS1.10.16(4) (10-April-2017) |
Cisco TelePresence Video Communication Server (VCS) | CSCvc94669 | X8.9.2 (31-Mar-2017) |
Cisco Telepresence Integrator C Series | CSCvc94665 | CE8.3.2 (April-2017) 7.3.10 (August-2017) |
Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras | CSCvc94689 | 3.2.7-240:(1-March-2017) |
Cisco Video Surveillance Media Server | CSCvc94691 | 7.10 (eta June-2017) |
Cisco Videoscape AnyRes Live | CSCvc94718 | 9.7.4 (14-Feb-2017) |
Cisco Videoscape Voyager Vantage | CSCvc94721 | Vantage 6.4 5 1 r\n OpenSSL 1.0.2i (-May-2017) |
Wireless | ||
Cisco Mobility Services Engine | CSCvc94636 | |
Cisco Wireless LAN Controller | CSCvc94648 | 8.5 (March-2017) |
Cisco Hosted Services | ||
Cisco Business Video Services Automation Software | CSCvc94560 | BV-VSAA 11.x (31-Dec-2017) |
Cisco Smart Care | CSCvc94677 | No Fix Expected |
Cisco WebEx Meeting Center | CSCvc94598 | 1.3.28 (30-Apr-2017) |
ciscossl | CSCvd41263 |
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
A public exploit exists for the OpenSSL Key Exchange Handling Denial of Service Vulnerability, CVE-2017-3730.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
2.9 | MSE Fix updated to unknown at this stage. | Vulnerable Products | Final | 2017-July-05 |
2.8 | Added Cisco IOS XR first fixed release. | Vulnerable Products | Final | 2017-June-20 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.