Cisco Security Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

UPDATED

Cisco Security Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

heartbleed

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

To my fellow mobility folks out there, Cisco has released the list of affected products of the Heatbeat Bug.   My suggestion is to keep an eye on this link for changes in software / appliance vulnerability status.   As a highlight Cisco Prime Infrastructure, Cisco Identity Services Engine (ISE) NOW SAFE . However IOS XE software is on the hotlist.

Note: even though Cisco WLC’s, MSE’s are listed ok please make sure your code is up to date for other known PSIRT advisories.

As reminder, always follow best practices and keep an eye on your PSIRT notices for all your devices.

Vulnerable Products
The following Cisco products are affected by this vulnerability:

  • The following Cisco products are affected by this vulnerability:
    • Cisco Mobility Service Engine (MSE) [CSCuo20622]
    • Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
    • Cisco ASA CX Context-Aware Security [CSCuo24523]
    • Cisco Desktop Collaboration Experience DX650 [CSCuo16892]
    • Cisco IOS XE [CSCuo19730]
    • Cisco IP Video Phone E20 [CSCuo26699]
    • Cisco MS200X Ethernet Access Switch [CSCuo18736]
    • Cisco Nexus 1000V InterCloud [CSCuo18287]
    • Cisco Security Manager [CSCuo19265]
    • Cisco TelePresence Conductor [CSCuo20306]
    • Cisco TelePresence EX Series [CSCuo26378]
    • Cisco Telepresence Integrator C Series [CSCuo26378]
    • Cisco TelePresence IP Gateway Series [CSCuo21597]
    • Cisco TelePresence ISDN GW 3241 [CSCuo21486]
    • Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]
    • Cisco TelePresence ISDN Link [CSCuo26686]
    • Cisco TelePresence MX Series [CSCuo26378]
    • Cisco TelePresence Profile Series [CSCuo26378]
    • Cisco TelePresence Serial Gateway Series [CSCuo21535]
    • Cisco TelePresence Server 8710, 7010 [CSCuo21468]
    • Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]
    • Cisco TelePresence Server on Virtual Machine [CSCuo21468]
    • Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]
    • Cisco TelePresence SX Series [CSCuo26378]
    • Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
    • Cisco Unified 7800 series IP Phones [CSCuo16987]
    • Cisco Unified 8961 IP Phone [CSCuo16938]
    • Cisco Unified 9951 IP Phone [CSCuo16938]
    • Cisco Unified 9971 IP Phone [CSCuo16938]
    • Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]
    • Cisco Unified Presence Server (CUPS)[CSCuo21298], [CSCuo21289]
    • Cisco Universal Small Cell 5000 Series running V3.4.2.x software [CSCuo22301]
    • Cisco Universal Small Cell 7000 Series running V3.4.2.x software [CSCuo22301]
    • Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
    • FireAMP Private Cloud virtual appliance
    • Small Cell factory recovery root filesystem V2.99.4 or later [CSCuo22358]

    Other Cisco products may be affected by this vulnerability. The list of affected products will be updated as the investigation continues.

Other Cisco products may be affected by this vulnerability. The list of affected products will be updated as the investigation continues.

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco Security Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Disclaimer:  Please use the link above for an updated list.