Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISA500 is vulnerable to Heartbleed!

Hi,

We have a Cisco ISA570 running the latest firmware version of 1.2.19.

However, after running several Heartbleed tests, we found that it is vulnerable to this threat.  It's not even listed as an affected product on the Cisco Security Advisory page.  

We had to disable SSL VPN services as a workaround, but that disables remote access for our users which isn't an acceptable option for long term.

What do we need to do to get our ISA570 updated to fix this active threat?

Thanks in advanced!

-rya

11 REPLIES
New Member

What test did you do to

What test did you do to confirm vulnerability? 

New Member

 One from our CA: https:/

 

One from our CA: https://sslanalyzer.comodoca.com/

And the famous one that most are using: http://filippo.io/Heartbleed/

 

New Member

I agree with your results,

I agree with your results, and thanks for the Comodo link - very nice report. Let's hope this isn't 6 months for a fix.

New Member

Verified, and the ISA is

Verified, and the ISA is indeed vulnerable to Heartbleed.

Probably have to disable SSLVPN until a fix is issued...

New Member

I've attempted to open a

I've attempted to open a ticket with Cisco; however, they said that they are aware of the issue.  They are attempting to determine if the ISA500s are actually vulnerable.

New Member

It's official...https://tools

It's official...

https://tools.cisco.com/bugsearch/bug/CSCuo29778

How long until a fix is published should be interesting.

New Member

It is about time Cisco is

It is about time Cisco is closing that issue by providing us with a firmware update ... I will think of this experience when buying the next smb-hardware.

New Member

We also have the same problem

We also have the same problem.

New Member

Has there been a fix yet, can

Has there been a fix yet, can't seem to find anything yet.

 

New Member

Looks as though we have a fix

Looks as though we have a fix! 1.2.20 enjoy all!

Yep, and the release notes

Yep, and the release notes didn't take ages to come out:

http://www.cisco.com/c/dam/en/us/td/docs/security/small_business_security/isa500/release/1-2-20/ISA500_RN_1_2_20.pdf

Michael Please rate all helpful posts
9
Views
0
Helpful
11
Replies