Networking Vendor Heartbleed Security Notices

In case you’ve been under a rock, there’s a new security vulnerability in town that impacts OpenSSL, which is the defacto standard implementation for SSL/TLS support. It’s called Heartbleed and it impacts anything using OpenSSL 1.0.1 – 1.0.1f or the 1.0.2 beta (though nothing really should be using the beta).

This is a list of networking vendor notices or statements I have found regarding the vulnerability of their products to Heartbleed. I was originally going to put this into a tweet, but it got too long really quick…

Aerohive Networks: Aerohive not vulnerable to Heartbleed

APC: They say nothing is vulnerable. Their KB defies links to it. Search for document “FA228282” at APC Support.

Aruba Networks: OpenSSL 1.0.1 library (Heartbleed) vulnerability

Bluecoat: OpenSSL heartbeat information disclosure (CVE-2014-0160)

Cisco: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Citrix: Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability

F5: SOL15159: OpenSSL vulnerability CVE-2014-0160

HP: HP Networking Communication: OpenSSL HeartBleed Vulnerability

Juniper: 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL “Heartbleed” issue (CVE-2014-0160)

Meraki: OPENSSL AND THE HEARTBLEED VULNERABILITY

VMware: Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: “Heartbleed” (2076225)

Hope this helps you out!

[Edits: 4/11 – Added Bluecoat, Corrected Meraki link]

FIN

Leave a Reply