Manualshelf

Release Notes

ManualsBrandsCisco ManualsCollaboration EndpointsCisco TelePresence Administration Software 1.2
31323334353637383940
40
Release Notes for Cisco TelePresence System Software Release 1.10
Caveats in the CTS 1.10 Releases
Resolved Caveats in Release 1.10.5.1
CSCuo20210
Symptom The following Cisco TelePresence Systems include a version of OpenSSL that is affected by
the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160.
Cisco TelePresence System 500-32
Cisco TelePresence System 500-37
Cisco TelePresence System 1000
Cisco TelePresence System 1100
Cisco TelePresence System 1300
Cisco TelePresence 1310
Cisco TelePresence System 3000 Series
Cisco TelePresence TX 9000 Series
This CDETS has been opened to address the potential impact on this product.
Conditions The vulnerable releases by product, are:
TX9000, TX9200, TX1310-65 and CTS500-32: 6.0.x, 6.1.0, 6.1.1, and 6.1.2
CTS3000, CTS3010, CTS3200, CTS3210, CTS1000, CTS1100, CTS1300 and CTS500-37: 1.10.0,
1.10.1, 1.10.2, 1.10.3, 1.10.4 and 1.10.5
Workaround There is no workaround.
CSCuo30624
Symptom A manufacturer-installed certificate (MIC) can only be generated only during manufacturing.
Because of OpenSSL Heartbeat Extension Vulnerability, if a MIC has been exposed, the system is
susceptible to attacks even after applying the Heartbleed patch. This caveat adds an enhancement to
allow a locally significant certificate (LSC) to be used by the Key Exchange process to establish
Datagram Transport Layer Security (DTLS) sessions between endpoints.
Conditions This condition might arise for any TelePresence systems that are affected by the Heartbleed
vulnerability. See CSCuo20210 for a list of the systems and software. There is also a Cisco security
advisory at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts.
Workaround There is no workaround.