Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VCS and How to Update OpenSSL to Protect from HeartBleed Vulnerability

Hello,

This will probably be best addressed via a service ticket to Cisco, but thought I'd start here.

 

The vulnerability described here: http://heartbleed.com/ is definitely in our VCS infrastructure- perhaps as a Cisco variant, but definitely present. Is this something that Cisco typically will release a patch for, or are we supposed to update the box as like any other Linux based system. I'm concerned with warranty implications.

 

Thanks for any help!

-Kyle

1 REPLY
Cisco Employee

Hi Kyle,The Cisco PSIRT is

Hi Kyle,

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed .

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

If the product is vulnerable, rest assured that we will address it appropriately. 

I hope this helps.

-Dejan

P.S. This specific community is for Cisco Unified MeetingPlace and Cisco WebEx Meetings Server products. For any further queries for VCS, I advise you to post them in Telepresence community to get the best possible assistance. 

1066
Views
0
Helpful
1
Replies