Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

LMS3.2 and OpenSSL

Hello,


Following the recent announcement about the OpenSSL HeartBleed vulnerability I need to asses whether our CiscoWorks LMS 3.2 (Windows) is vulnerable.

Is it possible to identify which (if any) OpenSSL is used?

 

 

1 REPLY
Hall of Fame Super Silver

"openssl version -v" will

"openssl version -v" will tell you the version number. You definitely won't see the patched (1.0.1g) version as it was just released on April 7 2014.

So it comes down to how OpenSSL was implemented in LMS 3.2 (or any other older product). It may actually be such an old version (pre-1.0.1 ca. March 2012) that it didn't support the heartbeat function and thus not have the vulnerability.

The Cisco Security Advisory for the OpenSSL Heartbeat Extension vulnerability will be updated in coming days to further list the known affected (and unaffected) products. Right now, it's a pretty sparse list.

77
Views
0
Helpful
1
Replies
CreatePlease to create content