Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
1
Replies

LMS3.2 and OpenSSL

BlueyVIII
Level 1
Level 1

‎04-09-2014 05:46 AM

Hello,


Following the recent announcement about the OpenSSL HeartBleed vulnerability I need to asses whether our CiscoWorks LMS 3.2 (Windows) is vulnerable.

Is it possible to identify which (if any) OpenSSL is used?

 

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-09-2014 08:41 AM

"openssl version -v" will tell you the version number. You definitely won't see the patched (1.0.1g) version as it was just released on April 7 2014.

So it comes down to how OpenSSL was implemented in LMS 3.2 (or any other older product). It may actually be such an old version (pre-1.0.1 ca. March 2012) that it didn't support the heartbeat function and thus not have the vulnerability.

The Cisco Security Advisory for the OpenSSL Heartbeat Extension vulnerability will be updated in coming days to further list the known affected (and unaffected) products. Right now, it's a pretty sparse list.

0 Helpful
Customers Also Viewed These Support Documents