Openssl Heart bleed mitigation for IOS XE

narayana reddy · ‎04-10-2014

Can someone suggest, how to mitigate the openssl heart bleed with IOS XE, Please share the process

am currently using below model

IOS version: cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin

Mike Schultz · ‎04-10-2014

I believe you'd only have the HeartBleed vulnerability if ip http secure-server was enabled on your device. If that is not enabled, I believe you're ok.

I haven't been able to find out too much information from Cisco except what's in this link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

I too am trying to find out what needs to be done to patch my enterprise's IOS-XE (and any additional products Cisco identifies as being vulnerable) devices to a secure version.

While waiting to hear from Cisco, my team is going through all of our devices to ensure https is disabled.

sbhadrav@cisco.com · ‎04-11-2018

The Cisco Product Security Incident Response Team (PSIRT) is currently investigating which Cisco products are affected by this vulnerability. Cisco Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products was just published and already includes information on vulnerable products and others confirmed not vulnerable. The advisory will be updated as additional information about other products becomes available. Cisco will release free software updates that address these vulnerabilities. Any updates specifically related to Cisco will be communicated according to the Cisco Security Vulnerability Policy.