| |
|
Alert Type: | New |
Bug Id: | CSCuz44178 | Title: | Evaluation of ctm for NTP_April_2016 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Cisco Prime Optical for SPs includes a version of ntpd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2015-8138, CVE-2016-1550, CVE-2015-7704, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549
Investigation revealed whilst the product runs NTPd, it doesn't support the necessary functions to be exploitable.
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 6.4/5.3
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:L/IR:L/AR:L
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 9.8(0.4) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy36433 | Title: | Evaluation of ctm for glibc_feb_2016 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Cisco Prime Optical for SPs includes a version of glibc that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-7547
And disclosed in http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc
This bug has been opened to address the potential impact on this product.
Conditions:
Exposure is not configuration dependent.
Cisco has reviewed and concluded that this product is affected by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-7547
Workaround:
Not available.
Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10.0/9.5
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: * | 10.6(0.0.1), 9.8(0.4) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz52420 | Title: | Evaluation of ctm for OpenSSL May 2016 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176
And disclosed in https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
This bug has been opened to address the potential impact on this product.
Cisco has analyzed the vulnerabilities and concluded that this product may be affected by the following vulnerabilities:
Memory corruption in the ASN.1 encoder CVE-2016-2108
Padding oracle in AES-NI CBC MAC check CVE-2016-2107
EVP_EncodeUpdate overflow CVE-2016-2105
EVP_EncryptUpdate overflow CVE-2016-2106
ASN.1 BIO excessive memory allocation CVE-2016-2109
This product is not affected by the following vulnerability:
EBCDIC overread CVE-2016-2176
Conditions:
Exposure is not configuration dependent.
Workaround:
None
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is: 5.1
https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
The score reflects the maximum score for all the vulnerabilities mentioned in this bug information
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 12-MAY-2016 |
|
Known Affected Releases: | 10.6(0.0.114) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy67423 | Title: | OTS links not discovered if pre 9.2 MSTP nodes are managed on CPO |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
OTS links not discovered if pre 9.2 MSTP nodes are managed on CPO
Conditions:
CPO managing pre 9.2 DWDM node with OTS links.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: * | 10.3(0.4), 10.6(0.0.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz69833 | Title: | CorbaGW should send alarms clear to Prime Central on node OOS |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:
FM is not in sync with PO after OOS (out of service)
Conditions:
make node OOS
Workaround:
resync FM
Further Problem Description:
none
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: | 10.3(0.4) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz26885 | Title: | If GDT shelf is configured,can't see the module view in shelf-1 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
We are not able to see the module view of any card in shelf -1 if any of the GDT shelf is pre provisioned in the NE
Conditions:
If GDT shelf is present then only this issue is present
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 10.6(0.0.101) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz00101 | Title: | contrast level of play and stop button in event export is less |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
contrast level of play and stop button in event export is less
Conditions:
contrast level of play and stop button in event export is less.
checked on 10.6.0.0.79
Workaround:
na
Further Problem Description:
na
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 10.6(0.0.79) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn28599 | Title: | CTM must support the ONS 15454 SONET and SDH release 8.5. |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
CTM must support the ONS 15454 SONET and ONS 15454 SDH R8.5.
Conditions:
The CTM R9.2 Supported NE table does not contain the ONS 15454 SONET R8.5 or ONS 15454 SDH R8.5.
Workaround:
Add the NE releases manually. Alternately, install the latest CTM R9.2 patch. For instructions, see the Release Notes for Cisco Transport Manager Release 9.2.
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 9.2(0.420.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn62500 | Title: | CTM must add a runtime logging utility for Jacorb. |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
CTM must add a runtime logging utility for Jacorb.
Conditions:
The utility for runtime jacorb works correctly with NEs with IPv4.
Workaround:
Install the latest CTM R9.1 patch. For instructions, see the readme file that accompanies the patch.
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: * | 9.0, 9.1, 9.2, 9.3(0.1), 9.3(1.1) |
|
Known Fixed Releases: | 9.3(1.129) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl73675 | Title: | getTPHistoryPMData return 0 PM if user filters at ptp level |
|
Status: | Terminated |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
The getCTMHistoryPMData and getTPHistoryPMData APIs return an empty file or 0 PM.
Conditions:
This problem occurs when the APIs execute with layer rates 15 (LR_STS3c_and_AU4_VC4) or 14 (LR_STS1_and_AU3_High_Order_VC3) and filter at the PTP level.
Workaround:
Execute the APIs at the NE level.
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 9.2(0.420.2) |
|
Known Fixed Releases: | |
|
|
| |
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论