Cisco Support Community
Community Member

Heartbleed upgrade to ASA 9.1(3.4)?

Ok, this has probably been asked before but I can't for the life of me find an answer.


We are actually running v9.1(3) on our ASA5500s so "maybe" we are clear of the weakness.

However, Cisco recommend upgrading to 9.1(3.4) to ensure clearance.


When you look on the ASA and on the download site there is no mention of any (3.x) ... so are we safe or not?

It's kind of daft to show these sub-versions without actually making mention of them on the hardware or site?

Hall of Fame Super Silver

The official Cisco Security Advisory (link) states the "Cisco Adaptive Security appliance (ASA) Software" is among the products confirmed not vulnerable.

ASA 9.1(3.4) is an interim build. Interim builds are generally only recommended by the TAC to address specific bugs whose fix hasn't been incorporated into minor releases. If they recommend it to a customer and it's not a published build, they should provide an FTP link for download.

Community Member

Thanks. Although we aren't using the features affected by Heartbleed, it looks like I'm going to have to raise a case to access the maintenance release.

Community Member

Are ALL versions of ASA not vulnerable? We are on version 8.2(5). We are also using VPN Client 5.x, which is not mentioned in the list. Is it vulnerable?

Hall of Fame Super Silver

The Heartbleed bug is an example of where "older is better". Products incorporating OpenSSL versions prior to 1.01 are generally not affected. Thus all ASA (and ASDM) versions are unaffected as their SSL uses an older distribution.

Note that the separate ASA CX software DOES have the vulnerability. Reference.

The VPN Client 5.x is IPsec-only - i.e., not SSL-based - and should thus be unaffected.
