cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
485
Views
0
Helpful
1
Replies

LMS3.2 and OpenSSL

BlueyVIII
Level 1
Level 1

Hello,


Following the recent announcement about the OpenSSL HeartBleed vulnerability I need to asses whether our CiscoWorks LMS 3.2 (Windows) is vulnerable.

Is it possible to identify which (if any) OpenSSL is used?

 

 

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

"openssl version -v" will tell you the version number. You definitely won't see the patched (1.0.1g) version as it was just released on April 7 2014.

So it comes down to how OpenSSL was implemented in LMS 3.2 (or any other older product). It may actually be such an old version (pre-1.0.1 ca. March 2012) that it didn't support the heartbeat function and thus not have the vulnerability.

The Cisco Security Advisory for the OpenSSL Heartbeat Extension vulnerability will be updated in coming days to further list the known affected (and unaffected) products. Right now, it's a pretty sparse list.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco