Cisco Expressway Release Notes
Open and Resolved Issues
Unified Communications Cisco Expressway Series Software Release Notes (X8.5)
Identifier
Description
CSCup25151
Symptom: Cisco Expressway includes a version of OpenSSL that is affected by the
vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA
Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service
This bug has been opened to address the potential impact on this product.
Conditions: Devices running an affected version of software.
Workaround: None.
Further Problem Description: Fix will be available with X8.2.1.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score.
The Base and Temporal CVSS scores as of the time of evaluation are 10/9.5:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on
information obtained from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not reflect the actual impact
on the Cisco Product.
CSCup50593
Symptoms: Expressway reports an application error, and an alarm is raised reporting that an
unexpected software error was detected (getCallSerialNumbers Line: 41).
Conditions: The Expressway application builds SIP message strings from a null pointer.
Workaround: None.
Table 3: Issues resolved in X8.2.1 (continued)
Resolved in X8.2
Identifier
Description
CSCum90139
Symptoms: Expressway X8.1 uses the Ethernet 2 IP address for the media part in SDP rather
than the configured Static NAT IP address. This results in calls failing on the media part.
Conditions: Running Expressway X8.1 with Static NAT and encryption B2BUA enabled (a media
encryption policy other than Auto).
Workaround: Recommended configuration for Expressway-C with Expressway-E deployments
is to configure the same media encryption policy setting on the traversal client zone on
Expressway-C, the traversal server zone on Expressway-E, and every zone on Expressway-E,
and to only use static NAT on the Expressway-E. With this configuration the encryption B2BUA
will only be enabled on the Expressway-C.
Table 4: Issues resolved in X8.2
Resolved in X8.1.2