Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Ironport and heartbeat information disclosure - Vulnerability Note VU#720951

Has there been any word from Cisco if Ironport software is vulnerable to this issue/bug?

http://www.kb.cert.org/vuls/id/720951

 

 

 

4 REPLIES
New Member

Looking for info as well.

Looking for info as well.  Not sure how to check on the Ironport devices if OpenSSL is even used.  Please update this thread with information.  We have our security teams looking to know what the status is of the vulnerability.

Also, it is the heart bleed vulnerability.  You can also see more information at www.heartbleed.com

 

Cisco Employee

Just making sure to update

Just making sure to update the thread, as requested.  I have also created the same information in the announcements on the top of page:

As of Wednesday morning, April 9, we are pending an update from our PSIRT, which handles all vulnerability and security responses for all Cisco Products.

The official PSIRT information can be found at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
 
Please expand the Affected Products -> Vulnerable Products/Products Confirmed Not Vulnerable to view the latest product listings.  Our products, Email and Web Security (ESA, IEA, WSA, SMA), and/or AsyncOS, will be listed once they update this public facing information.

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at: 
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

For any and all inquires regarding the vulnerabtiliy, please contact the Cisco PSIRT at psirt@cisco.com

At this time, please see the following information from our Security Intelligence Operations: 
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695

Cisco Employee

Please note the updated

Please note the updated announcement for our products:

As of Wednesday, April 9, Cisco Email and Web Security had been updated from our PSIRT, which handles all vulnerability and security responses for all Cisco products.

The official PSIRT information can be found at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
 
Please expand the Affected Products -> Products Confirmed Not Vulnerable to view the latest Cisco product listings.  Our products, Email and Web Security (ESA, IEA, WSA, SMA), are listed and updated in this public facing information.   

The Cisco PSIRT continues to investigate the impact of this vulnerability on Cisco products, and will disclose any vulnerabilities according to our security policy, which is available at: 
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

For any and all inquires regarding this vulnerability and the public facing notification, please contact the Cisco PSIRT at psirt@cisco.com

Also, please see the following information released Tuesday, April 8, from our Security Intelligence Operations: 
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695

Cisco Employee

Please see the following

Yes, we are aware of this current vulnerability - and our PSIRT team is working to address this developing issue.

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

For any and all inquires regarding the vulnerabtiliy, please contact the Cisco PSIRT at psirt@cisco.com

At this time, please see the following information from our Security Intelligence Operations:

http://tools.cisco.com/security/center/viewAlert.x?alertId=33695

-Robert

25
Views
0
Helpful
4
Replies
CreatePlease to create content