Number:IRCNE2014042155
Date: 2014-04-12
According to “zdnet”, both Cisco and Juniper have disclosed that some of their products are affected by the Heartbleed bug.
Cisco issued an advisory on Wednesday stating that a long list of products were either confirmed vulnerable or under investigation for the vulnerability. Among the 16 products confirmed vulnerable (as of version 1.2 of the advisory) are the Cisco Unified Communication Manager (UCM) 10.0, Cisco MS200X Ethernet Access Switch and several Cisco Unified IP Phones. The 1.2 advisory lists 65 products as under investigation.
Two products, the Cisco Registered Envelope Service (CRES) and Cisco Webex Messenger Service, had been vulnerable and have been remediated. The advisory says that no Cisco hosted services are currently known to be affected. Another 62 products are confirmed not vulnerable, including many routers and Cisco IOS itself.
Juniper has published a "High Alert" notice on their security home page. The High Alert merely gives a brief description of Heartbleed without any mention of which products may be affected.
A Juniper spokesperson provided this statement:a subset of Juniper’s products were affected by the Heartbleed vulnerability including certain versions of our SSL VPN software, which presents the most critical concern for customers. We issued a patch for our SSL VPN product on Tuesday and are working around the clock to provide patched versions of code for our other affected products.
We encourage our customers to contact Juniper’s Customer Support Center for detailed advisories and product updates. We work with customers running vulnerable products very closely to ensure they take the appropriate steps we have identified and deploy any necessary updates or mitigations in a timely manner.
- 8