Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Hello Experts,

 

I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:

 

Cisco PIX

Cisco FWSM

Cisco ISR

Cisco VPN Concentrator

 

I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.

Does anyone know what is the version for these platforms?

Thanks in advance.

 

4 REPLIES
Hall of Fame Super Gold

FYI for everyone else:  The

FYI for everyone else:  The world calls this vulnerability as "Heartbleed" but, somehow, it's called as "Heartbeat" by Cisco.

New Member

The bug is named Heartbleed,

The bug is named Heartbleed, and Cisco refers to it as such.  Heartbeat is the section of code that contains the bug, and thus where the name Heartbleed came from in the first place.

Hall of Fame Super Silver

The definitive source is and

The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?

The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

Bronze

Hi, You can go to http:/

Hi,

 

You can go to http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed for information about the affected Cisco products from this vulnerability.

 

Regards,

Kush

916
Views
0
Helpful
4
Replies