cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1374
Views
0
Helpful
4
Replies

Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

MSS Operations
Level 1
Level 1

Hello Experts,

 

I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:

 

Cisco PIX

Cisco FWSM

Cisco ISR

Cisco VPN Concentrator

 

I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.

Does anyone know what is the version for these platforms?

Thanks in advance.

 

4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

FYI for everyone else:  The world calls this vulnerability as "Heartbleed" but, somehow, it's called as "Heartbeat" by Cisco.

The bug is named Heartbleed, and Cisco refers to it as such.  Heartbeat is the section of code that contains the bug, and thus where the name Heartbleed came from in the first place.

Marvin Rhoads
Hall of Fame
Hall of Fame

The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?

The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

kushsriva
Level 1
Level 1

Hi,

 

You can go to http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed for information about the affected Cisco products from this vulnerability.

 

Regards,

Kush

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: