CUCM 8.6(2): evaluation of SSLv3 POODLE vulnerability

Hi,
As per the bug toolkit, CUCM version 8.6(2) is affected by the following bug: CSCur23720.
I tried to check for a COP file to fix this issue but didn't find one.
Please advise.

Hi
I would contact TAC to see if they have something for you - I don't see a specific COP, and there doesn't seem to be a 'fixed-in' 8.x version referenced in the bug report.
Aaron

Similar Messages

  • SSLv3 Poodle vulnerability

    Does anyone have any more info on the SSLv3 Poodle vulnerability, in that are any of the Cisco switches, in particular the ACE load balancer (if they do SSL offloading), vulnerable to this?
    http://www.wired.com/2014/10/poodle-explained/
    If so, is there a way to disable SSLv3?

    To disable SSLv3, do something like this:
    parameter-map type ssl PARAMMAP_SSL
      cipher RSA_WITH_3DES_EDE_CBC_SHA
      cipher RSA_WITH_AES_128_CBC_SHA priority 2
      cipher RSA_WITH_AES_256_CBC_SHA priority 3
      version TLS1
    ssl-proxy service SSL_PSERVICE_SERVER
      ssl advanced-options PARAMMAP_SSL
    (Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)

  • Sslv3 poodle vulnerability and sharepoint site using https

    Hi
    Is it safe to run the IIS Crypto tool and choose 'FIPS 140-2' on a SharePoint WFE?
    We have one web application accessible to users using HTTPS with a valid SSL certificate from a CA.

    FIPS 140-2 is not supported by SharePoint and enforcing it will break SharePoint.
    Instead, disable SSLv3 support in IIS.
    https://www.digicert.com/ssl-support/iis-disabling-ssl-v3.htm
    https://support.microsoft.com/kb/187498/
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Disabling SSL v3 in OAS10gR1 (9.0.4) to address Poodle vulnerability?

    Has anyone been able to get OAS10gR1 (9.0.4) to recognize a protocol other than SSLv3 – such as TLS? We know that this version of the OAS supports SSLv3 primarily – but we are attempting to address the SSLv3 Poodle Vulnerability. Any advice where this is concerned would be appreciated.

    Hi ,
    The version OAS10gR1 (9.0.4) has been de-supported since 31st-Dec-2008 and, as this relates to security, we would require you to upgrade to the latest version, which is 11g, and then apply the latest CPU patches.
    If the same issue still exists even after upgrading and applying the latest CPU patches, we request you to open an SR with Support.
    Regards,
    Prakash.

  • Disable SSLv3 on Exchange 2010 server (Poodle Vulnerability)

    Following the recommendation to mitigate the Poodle vulnerability, we tried disabling SSLv3 and making sure that users had TLS 1.1 and 1.2 enabled on their browsers.
    We used IIScrypt to turn off SSLv3 (v2 was already disabled from before).
    Now, OWA works fine, and users are able to connect via the Web.
    Internally, users are also able to connect with Outlook 2010/2013.
    However, users are not able to connect via Outlook from outside (Outlook Anywhere).
    In the event viewer you get an error:
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
    I opened a ticket with Microsoft but the lady working on the case wanted us to re-enable SSLv2 which is out of the question.
    Has anybody seen this issue as well?

    Hi Max
    Could you provide the steps to turn off SSLv3? Is it from the registry
    http://support.microsoft.com/kb/187498 ?
    Mat A

    Yes. Copy and paste this into a text file and save as a .reg file, then double click on the file to add to the registry of the server.
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "DisabledByDefault"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
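One way to confirm what the .reg file above actually sets is to audit an export of the SCHANNEL key offline. This is an added example, not part of the original post; the function names `parse_reg`, `role_state` and `ssl3_status` are hypothetical, and the input is assumed to be already-decoded .reg text.

```python
import re

# SSL 3.0 key path taken from the .reg file in the post above.
SSL3 = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
        r"\SecurityProviders\SCHANNEL\Protocols\SSL 3.0")

def parse_reg(text):
    """Parse .reg text into {KEY_PATH_UPPER: {value_name_lower: int}} (dwords only)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def role_state(values):
    """Classify one role subkey (Client or Server) from its dword values."""
    if values.get("enabled") == 0:
        return "disabled"               # protocol switched off for this role
    if values.get("disabledbydefault") == 1:
        return "disabled-by-default"    # off unless an application asks for it
    if "enabled" in values or "disabledbydefault" in values:
        return "enabled"
    return "os-default"                 # nothing set: depends on the Windows release

def ssl3_status(text):
    """Return the SSL 3.0 state for the Client and Server roles."""
    keys = parse_reg(text)
    return {role: role_state(keys.get((SSL3 + "\\" + role).upper(), {}))
            for role in ("Client", "Server")}

# Constructed sample: the same keys and values as the .reg file in the post.
POSTED_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{SSL3}]",
    f"[{SSL3}\\Client]",
    '"DisabledByDefault"=dword:00000001',
    f"[{SSL3}\\Server]",
    '"Enabled"=dword:00000000',
])

if __name__ == "__main__":
    print(ssl3_status(POSTED_REG))
```

The posted file turns SSL 3.0 off for the server role but only marks it disabled by default for the client role, which is the distinction the audit reports.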

  • POODLE Vulnerability and AMS configuration in Adaptor.xml

    Hi,
    I am looking for some recommendations and guidance on how to ban AMS from using SSLv3 with RTMPS clients. I know that there's a configuration in Adaptor.xml called "SSLCipherSuite" which should be able to somehow prevent a specific protocol, but the Adobe documentation recommends contacting Adobe before changing that configuration.
    So I was wondering if Adobe has any official recommendation to prevent RTMPS clients from using SSLv3. Could someone please point me in the right direction?
    Thanks
    -Irtiza

    When will it be released?
    I can not comment on that...
    How will it support older browsers?
    Well, most likely it will disable SSLv3 support from within the application. So you will not need to change anything in the AMS configuration.
    All browsers which work on TLS 1.0 and higher will continue to work as they were working till now.
    Note that even in current release, if your browsers support TLS then TLS would be preferred mode of connection  and you will not be exposed to SSLv3 attack.
    Even today, POODLE vulnerability exists only if you are working on those browsers which do not support TLS.
    That said, you must upgrade your openssl to 1.0.1j, because prior to that a hacker could exploit a hack in openssl so that even if your endpoints support TLS, it can hack and make the connection protocol get downgraded to SSLv3. Upgrading openssl to 1.0.1j fixes this protocol downgrade attack.
    The steps to compile openssl for AMS are available in the public domain. Please google and compile openssl for yourself and drop that openssl in your AMS installation.
    Openssl consists of two files: libeay32.dll and ssleay32.dll on Windows, and libssl.so.1.0.0 and libcrypto.so.1.0.0 on Linux.

  • POODLE vulnerability - ASA 5520

    Hi
    I would like to know if my ASA 5520 firewalls (Cisco Adaptive Security Appliance Version 8.4(6), 8.2(1)) are vulnerable to the Poodle vulnerability.
    Which workaround should I apply? Would it have any impact on my VPN or DMZ servers?
    Thanks...

    Hi ,
    Both these ASA versions are vulnerable.
    Conditions:
    The default configuration of SSL on all versions of the ASA enables SSLv3.
    Due to CSCug51375, the ASA is unable to disable SSLv3 on ASA v9.0.x and v9.1.1.x.
    To see the SSL configuration:
    show run all ssl
    Default configuration of the ASA:
    ssl client-version any
    ssl server-version any
    The following non-default configuration values also enable SSLv3:
    ssl client-version sslv3-only
    ssl client-version sslv3
    ssl server-version sslv3-only
    ssl server-version sslv3
    The following versions are vulnerable regardless of ssl configuration:
    * 9.0.x
    * 9.1.1.x
    Workaround:
    Disable SSLv3, write the changes to the startup-config.
    This workaround only applies to the following versions:
    * 7.x and later
    * 8.2 and later
    * 8.3 and later
    * 8.4 and later
    * 8.5 and later
    * 8.6 and later
    * 8.7 and later
    * 9.1.2 and later (with CSCug51375 fix)
    * 9.2.1 and later (with CSCug51375 fix)
    * 9.3.1 and later
    Use the following config-mode commands:
    ssl server-version tlsv1
    ssl client-version tlsv1-only
    There is no need to reboot. The configuration must be saved via "write memory".
    Here are the bug details: CSCur23709
    Known fixed ASA versions: 9.0(4.201), 9.2(2.103), 9.3(1.1)
    Thanks,
    Prashant Joshi
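The conditions listed in the reply above can be turned into a repeatable check over saved `show run all ssl` output. This is an added example, not part of the original post or Cisco tooling; the function names `normalize`, `parse_ssl_versions` and `audit_asa` are hypothetical, and the sample configurations are constructed.

```python
import re

# Per the post: values that leave SSLv3 enabled ("any" is the ASA default).
SSLV3_VALUES = {"any", "sslv3", "sslv3-only"}
# Per the post: trains vulnerable regardless of ssl configuration (CSCug51375).
UNFIXABLE_TRAINS = ("9.0.", "9.1.1.")
# Per the post: known fixed releases listed for CSCur23709 (exact match only).
KNOWN_FIXED = {"9.0(4.201)", "9.2(2.103)", "9.3(1.1)"}

def normalize(version):
    """'9.1(1)4' -> '9.1.1.4.' so prefix matching compares whole fields."""
    return re.sub(r"[().]+", ".", version.strip()).rstrip(".") + "."

def parse_ssl_versions(config_text):
    """Extract server/client settings; a missing line means the default 'any'."""
    settings = {"server": "any", "client": "any"}
    for line in config_text.splitlines():
        m = re.match(r"\s*ssl (server|client)-version (\S+)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2).lower()
    return settings

def audit_asa(version, config_text):
    """Return a list of findings; an empty list means no SSLv3 exposure found."""
    findings = []
    settings = parse_ssl_versions(config_text)
    for role in ("server", "client"):
        if settings[role] in SSLV3_VALUES:
            findings.append(f"ssl {role}-version {settings[role]} leaves SSLv3 enabled")
    if version not in KNOWN_FIXED and normalize(version).startswith(UNFIXABLE_TRAINS):
        findings.append(f"{version}: vulnerable regardless of ssl configuration")
    return findings

# Constructed sample inputs (not captured from a real device).
DEFAULT_CFG = "ssl server-version any\nssl client-version any\n"
HARDENED_CFG = "ssl server-version tlsv1\nssl client-version tlsv1-only\n"

if __name__ == "__main__":
    for ver, cfg in [("8.4(6)", DEFAULT_CFG), ("8.4(6)", HARDENED_CFG),
                     ("9.1(1)4", HARDENED_CFG), ("9.1(2)", HARDENED_CFG)]:
        print(ver, audit_asa(ver, cfg) or "no SSLv3 exposure found")
```

Because a missing line is treated as the default `any`, output from `show run ssl` without `all` is still flagged when it omits the version settings.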

  • [CVE-2014-3566] SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

    Cisco is aware of the reported vulnerability and is currently investigating this report.  Cisco is evaluating products to determine their exposure to this vulnerability.
    Cisco has issued an official PSIRT notice for the SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability.
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

    Quick-link to the PSIRT verified Email Security (ESA) vulnerability information as well as workaround:-
    https://tools.cisco.com/bugsearch/bug/CSCur27131

  • SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability for Smart Switch SG200-26 26 Port

    Hi,
    I am having a SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability on my Smart Switch SG200-26 26Port. Does anyone know how to solve this vulnerability?

  • MeetingPlace 7.1 SSLv3/Poodle Vulnerablilty

    Hello, Support Community,
    We have MeetingPlace 7.1 on an MCS server. The server is running the Cisco IOS Image 2003.1.51 and Service Release 25. This is our conference server located in our DMZ for outside conferencing.
    I have read the notice at https://tools.cisco.com/bugsearch/bug/CSCur33354/?referring_site=bugquickviewclick.
    It appears that upgrading is the best option; however, we are looking for a short-term security option if one is available, as we are going to be getting ready to upgrade to WebEx in a few months.
    Is there anything else that can be enabled differently, or disabled, to secure the server and still provide service to our clients that are coming in for web conferencing from the outside?
    Many thanks in advance for the help!
    Peggy

  • SSLv3 POODLE on v7.1 IPS

    CSCur29000 states "No release planned to fix this bug."  I understand that this is covered with version 7.3(2), which I have running on one of my 5512-X firewalls.  But what about the SSM-10's that only run the 7.1 series?  7.1(9) was just released which finally fixes the OpenSSL heartbleed issue from June.  It doesn't appear to fix this issue.  When can we expect to get this fixed on a currently supported product?
    Thanks,
    Mike

    Tried this on one of my 4260's and our most recent vulnerability scan is still picking up the IPS as vulnerable to POODLE.
    Given that the IPS is technically supported until 2018, I'm having a hard time convincing the business that they need to upgrade it just yet.
    Was there anything else you needed to do other than what was documented in the link?

  • SSLV3 poodle on WLC 2100

    Hi everyone,
    It seems that, as per Cisco, all WLCs (5500/2100 etc.) are affected by SSLv3.
    I need to know if there is any config change that can be done without doing a version upgrade.
    Regards
    Mahesh

    If you do not want users to connect to a web page using a browser that is configured with SSLv2 only, you can disable SSLv2 for web authentication by entering the config network secureweb cipher-option sslv2 disable command. If you enter this command, users must use a browser that is configured to use a more secure protocol such as SSLv3 or later releases. The default value is disabled.

  • CSCur27551 - SSLv3 Poodle attack against https in wlc, CVE-2014-3566 - 1

    Is there a reason why Cisco doesn't add this code/fix 7.6.130.13 to their main downloads for the 5508 WLC? I need to get this again and will most likely need to resubmit a ticket just to get a link to download.

    Firmware 1.05.36 of MyCloud Mirror fixed that: http://community.wd.com/t5/WD-My-Cloud-Mirror/New-Release-My-Cloud-Mirror-Firmware-Release-1-05-36-7-8-2015/td-p/886778

  • Lync 2010 - Poodle vulnerability?

    Is the FE or Edge server at risk?
    thanks
    Eva

    POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.
    Edge server doesn't provide any Web services, so it's not the Edge server.
    The Lync FE caters to http\https traffic.
    This is a man-in-the-middle kind of attack; not sure what the hacker will gain by presenting you a Lync Meeting page or a Lync dial-in page.
    As a server [administrator], you probably don’t need to panic if your customers are coming in over home connections. Only if they’re coming in over [something like] a Starbucks Wi-Fi.
    POODLE targets the clients.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

  • Mitigating SSL v3 POODLE Vulnerability (CVE-2014-3566)

    Hi all,
    Another day, another vulnerability. Feel like we are swimming against the tide.
    Now, SSL v3 has been shown to be vulnerable (looks like a protocol issue, not an implementation issue, so patches are doubtful) and so I am looking at what we can do to mitigate this. Clients (such as IE, Firefox and Chrome (sort of)) can be set to disable SSL v3, but rolling this out across an Enterprise might not be that easy.
    In IIS (that would be running TMS) you can switch off SSL v3 via a reg edit, but are there any knock-on effects? What about the web services built into CODECs, MCUs and other infrastructure devices - can SSL v3 be switched off?
    Look forward to the responses.
    Cheers
    Chris

    Hi All,
    This tidbit is not Cisco orientated per se, but some of you might find it useful (if you haven't found the info yourselves already); it's what I sent around to my team here:
    There are many things you can do to mitigate this vulnerability, as you can also disable SSL3 in various clients (although this might affect communication with legacy systems).
    Firefox – Version 34 (due for release at the end of November) will disable SSL v3 by default, but they have released a plug-in that can disable this immediately. See https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
    IE – You can turn off SSL 3 from the Settings --> Internet Options --> Advanced --> Security section; however, if you find that the options to check SSL/TLS are greyed out (as they are on my machine), this may be a hangover from a previous security software installation.
    However, I will override this using GPO so domain-joined PCs will have this setting updated. The GPO applied to the domain is:
    Computer Setting --> Administrative Templates --> Windows Components --> Internet Explorer --> Internet Control Panel --> Advanced Page --> Turn Off Encryption Support = TLS 1.0, TLS 1.1, and TLS 1.2 ONLY
    Chrome – This is a little more difficult. It seems you can only do this at this moment in time by adding a switch to the start-up command (you can modify the shortcut on either Windows or Mac). Check out https://zmap.io/sslv3/browsers.html
