Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CNA - Heartbleed Vulnerability?

Does anyone know if the Cisco Network Assistant (CNA) software is affected by the Heartbleed vulnerability? I've looked through the various list of products under investigation, vulnerable and not vulnerable and can't find CNA listed. Doesn't make sense in my mind that it would be but I'm being asked for proof by manglement! Afterall, all our other tools ASDM, Prime Infastructure etc are listed as not vulnerable but this is curiously missing.

TIA

Zac

Everyone's tags (2)
4 REPLIES
Cisco Employee

 check the below linkhttp:/

 

check the below link

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

 

CNA is not affected by this vulnerability.

 

Thanks-

Afroz

***Ratings Encourages Contributors ***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Community Member

Thanks for the reply Afroz.

Thanks for the reply Afroz.  I have been checking that page regularly but CNA is NOT listed in any of the sections hence my question (Unless it's being called something different).

I really need to find an official declaration on the Cisco website otherwise I'll have to reimage my PC and not reinstall CNA.

Best regards,

Zac

Hall of Fame Super Silver

There's no https server in

There's no https server in CNA - it's just a Java-based client application.

It does query the managed devices using the target devices' http(s) servers. So it's the IOS on your switches and routers that would be of concern - not CNA itself.

Cisco IOS is on the "Products Confirmed Not Vulnerable" list.

Community Member

Thanks for the replies.  It's

Thanks for the replies.  It's just a shame Cisco don't list the product on the webpage as proof for the non-techies that seem to make the decisions! ;-)

 

52
Views
0
Helpful
4
Replies
CreatePlease to create content