Release Notes
Release Notes for Cisco TelePresence System Software Release 1.10
Caveats in the CTS 1.10 Releases
Conditions: Exposure is not configuration dependent.
Cisco TelePresence System Software Release 1.10.12 and later releases and Cisco TelePresence System
Software TX Release 6.1.9 and later releases are affected by the following Common Vulnerability and
Exposures (CVE) IDs:
• CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
• CVE-2016-0799 - Fix memory issues in BIO_*printf functions
This product is not affected by the following Common Vulnerability and Exposures (CVE) IDs:
• CVE-2016-0705 - Double-free in DSA code
• CVE-2016-0798 - Memory leak in SRP database lookups
• CVE-2016-0702 - Side channel attack on modular exponentiation
All earlier releases of Cisco TelePresence System Software and Cisco TelePresence System Software TX
are affected by the following Common Vulnerability and Exposures (CVE) IDs:
• CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN)
• CVE-2016-0703 - Divide-and-conquer session key recovery in SSLv2
• CVE-2016-0704 - Bleichenbacher oracle in SSLv2
• CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
• CVE-2016-0799 - Fix memory issues in BIO_*printf functions
This product is not affected by the following Common Vulnerability and Exposures (CVE) IDs:
• CVE-2016-0705 - Double-free in DSA code
• CVE-2016-0798 - Memory leak in SRP database lookups
• CVE-2016-0702 - Side channel attack on modular exponentiation
Workaround: Not available.
Further Problem Description
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as
of the time of evaluation is: 4.3
https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This
includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned
may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security
vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html










