Cisco Cisco TelePresence Video Communication Server Expressway Release Notes
Open and Resolved Issues
Cisco TelePresence Video Communication Server Software Release Notes (X8.5)
Page 14 of 36
Identifier
Description
CSCup75947
Symptoms: On VCS running 8.2 in a CMR Hybrid environment, B2BUA fails to process and
forward on the ACK sent by an MCU in response to a WebEx 200OK. The results in a SIP
negotiation failure where the connection ultimately times out on the WebEx side and WebEx
sends a BYE.
forward on the ACK sent by an MCU in response to a WebEx 200OK. The results in a SIP
negotiation failure where the connection ultimately times out on the WebEx side and WebEx
sends a BYE.
Conditions: CMR Hybrid where MCU dials out to WebEx.
Workaround: In CMR Hybrid deployments you should:
n
Continue to use X7.2.3 software, or
n
Reconfigure the VCS Expressway to not use static NAT, or
n
Recommended configuration for VCS Control with VCS Expressway deployments is to
configure the media encryption policy setting on the traversal client zone on VCS Control, the
traversal server zone on VCS Expressway, and every zone and subzone on VCS
Expressway, and to only use static NAT on the VCS Expressway. With this configuration the
encryption B2BUA will only be enabled on the VCS Control.
configure the media encryption policy setting on the traversal client zone on VCS Control, the
traversal server zone on VCS Expressway, and every zone and subzone on VCS
Expressway, and to only use static NAT on the VCS Expressway. With this configuration the
encryption B2BUA will only be enabled on the VCS Control.
CSCup25151
Symptom: The following Cisco products: Cisco TelePresence Video Communication Server
include a version of openssl that is affected by the vulnerabilities identified by the Common
Vulnerability and Exposures (CVE) IDs:
include a version of openssl that is affected by the vulnerabilities identified by the Common
Vulnerability and Exposures (CVE) IDs:
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA
Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0195 - DTLS invalid fragment vulnerability
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2014-0221 - DTLS recursion flaw
CVE-2014-0224 - SSL/TLS MITM vulnerability
CVE-2014-3470 - Anonymous ECDH denial of service This bug has been opened to address
the potential impact on this product.
the potential impact on this product.
Conditions: Devices running an affected version of software.
Workaround: None.
Further Problem Description: Fix will be available with X8.2.1.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score.
The Base and Temporal CVSS scores as of the time of evaluation are 10/9.5:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:
N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C The Cisco PSIRT has assigned this score based on
information obtained from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not reflect the actual impact
on the Cisco Product.
The Base and Temporal CVSS scores as of the time of evaluation are 10/9.5:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:
N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C The Cisco PSIRT has assigned this score based on
information obtained from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not reflect the actual impact
on the Cisco Product.
CSCup50593
Symptoms: VCS reports an application error, an alarm is raised reporting that an unexpected
software error was detected (getCallSerialNumbers Line: 41).
software error was detected (getCallSerialNumbers Line: 41).
Conditions: The VCS application builds SIP message strings from null pointer.
Workaround: None.
Table 3: Issues resolved in X8.2.1 (continued)