Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 9.2(1) OpenSSL 1.0.1e, Heartbleed vulnerable?

I have a TAC case opened because according to the release notes for 9.2(1) it states that OpenSSL has been upgraded to 1.0.1e.  The release notes for ASDM 7.2(1) states the same.  So far the TAC engineer could not rule out that 9.2(1) indeed does have a vulnerable release of OpenSSL in it.  I will update this thread when TAC has confirmed or denied that 9.2(1) is vulnerable to Heartbleed.
 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hello Ian Brown,The ASA 9.2.1

Hello Ian Brown,

The ASA 9.2.1 is not vulnerable:

OpenSSL upgrade

The version of OpenSSL on the ASA will be updated to version 1.0.1e.

Note We disabled the heartbeat option, so the ASA is not vulnerable to the Heartbleed Bug.

We did not introduce or modify any commands.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html

I hope you find this information helpful.

4 REPLIES
Cisco Employee

Hello Ian Brown,The ASA 9.2.1

Hello Ian Brown,

The ASA 9.2.1 is not vulnerable:

OpenSSL upgrade

The version of OpenSSL on the ASA will be updated to version 1.0.1e.

Note We disabled the heartbeat option, so the ASA is not vulnerable to the Heartbleed Bug.

We did not introduce or modify any commands.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html

I hope you find this information helpful.

New Member

Earlier the Release Notes

Earlier the Release Notes didn't have that note of:

 

Note We disabled the heartbeat option, so the ASA is not vulnerable to the Heartbleed Bug.

 

I have the original PDF that was on Cisco.com earlier which lacked the note about heartbeat being disabled.

But now thanks to Jose Orozco

But now thanks to Jose Orozco you have the information :) so problem fixed

 

 

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Hall of Fame Super Silver

I agree. A double VIP

I agree. A double VIP endorsement to Jose. :)

218
Views
0
Helpful
4
Replies