Cisco published a bulletin on its site, warning that some of its networking hardware and software, which includes routers, Ethernet switches, access points, and more, is affected by the Heartbleed bug, a flaw in the OpenSSL data encryption software used by many of the world's websites. Though most of this hardware wouldn't be found in the average person's home, the hardware that Cisco identifies as vulnerable is likely used by private companies, governments, and other organizations.
We reached out to Cisco for comment, and asked whether a patched website would still be vulnerable to Heartbleed if the organization running the site is still using Cisco hardware and/or services to keep it up and running. Nigel Glennie, Senior Manager of Global Corporate Communcations for Cisco, responded to our request for comment, stating that the list of affected hardware and services "are not going to be the type of products that allow the exploitation of user data on a website."
However, that seems to run contrary to Cisco's own bulletin, which states that "Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server." On top of that, the bulletin also states that "disclosed portions of memory could contain sensitive information that may include private keys and passwords."
Digital Trends is currently awaiting clarification on the apparent discrepancy between Glennie's statement and Cisco's published security advisory.
Here's the list of Cisco networking hardware and services that's affected by the Heartbleed bug, according to the firm's official bulletin, as of this writing. Cisco will continue to update these lists, so check back with this Security Advisory page often.
Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco IOS XE [CSCuo19730]
Cisco Unified Communications Manager (UCM) 10.0
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Small Cell factory recovery root filesystem V2.99.4 or later
Cisco MS200X Ethernet Access Switch
Cisco Mobility Service Engine (MSE)
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
Cisco TelePresence Conductor
Cisco TelePresence Supervisor MSE 8050
Cisco TelePresence Server 8710, 7010
Cisco TelePresence Server on Multiparty Media 310, 320
Cisco TelePresence Server on Virtual Machine
Cisco TelePresence ISDN Gateway 8321 and 3201 Series
Cisco TelePresence Serial Gateway Series
Cisco TelePresence IP Gateway Series
Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
Cisco Security Manager [CSCuo19265]
Cisco is also currently investigating whether any of its other networking products are vulnerable to Heartbleed. Here's a list of the hardware and services that the firm is looking into as of this writing.
Cisco IOS XR
Cisco Nexus 1000V Series Switches
Cisco Nexus 4000 Series Switches
Cisco Nexus 5000 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco IPS
Cisco Webex Messenger
Cisco Jabber client
Cisco OnePK All-in-One VM
Cisco DCM Series 9900-Digital Content Manager
Cisco D9034-S Encoder
Cisco D9054 HDTV Encoder
Cisco Show and Share
WebEx Social
Cisco Adaptive Security Device Manager (ASDM)
Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
Cisco Digital Media Manager
Cisco Digital Media Players
Cisco Edge 300 Digital Media Player
Cisco Edge 340 Digital Media Player
Cisco Emergency Responder
Cisco Internet Streamer CDS
Cisco Enterprise Content Delivery System (ECDS)
Cisco IP Communicator
Cisco TelePresence Recording Server
Cisco Network Analysis Module Software (NAM)
Cisco Wireless Location Appliance
CiscoWorks Wireless LAN Solution Engine (WLSE)
Cisco Physical Access Gateways
Cisco Physical Access Manager
Cisco Video Surveillance Media Server Software
Cisco Video Surveillance Operations Manager Software
Cisco NetFlow Generation Appliance 3240
Cisco Prime Data Center Network Manager
Cisco Prime Analytics for SPs
Cisco Prime Central for SPs
Cisco Prime Provisioning for SPs
Cisco Prime Performance Manager for SPs
Cisco Prime Optical for SPs
Cisco Prime Network Services Controller (formerly the Cisco Virtual Network Management Center)
Cisco Prime Network Registrar
Cisco Unified Contact Center Products
Cisco Unified Department Attendant Console
Cisco Unified E-Mail Interaction Manager
Cisco Unified Enterprise Attendant Console
Cisco Unified Mobility
Cisco Unified Operations Manager
Cisco Unified Personal Communicator
Cisco Unified Presence
Cisco Unified Provisioning Manager
Cisco Unified Quick Connect
Cisco Unified Service Monitor
Cisco Unified Service Statistics Manager
Cisco UCS Invicta Series Solid State Systems
Cisco NAC Server
Cisco NAC Manager
Cisco NAC Agent
Cisco NAC Guest Server
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco Quantum Policy Server (QPS)
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 1300 Series
Cisco TelePresence System 3000 Series
Cisco TelePresence System T Series
Cisco IP Video Phone E20
Cisco TelePresence MX Series
Cisco TelePresence EX Series
Cisco Telepresence Integrator C Series
Cisco TelePresence Profile Series
Cisco TelePresence SX Series
Cisco TelePresence Movi with Precision HD USB / Jabber Video
Cisco TelePresence MXP Series
Cisco TelePresence MCU all series
Cisco TelePresence Advanced Media Gateway Series
Cisco TelePresence IP VCR Series
Cisco TelePresence ISDN GW 3241
Tandberg Codian ISDN GW 3210/3220/3240
Tandberg Codian MSE 8310 model
Tandberg 770/880/990 MXP Series
Finally, here's a list of Cisco hardware that has been analyzed by the company, and deemed to be not vulnerable to Heartbleed, as of this writing.
Cisco IOS
Cisco MDS Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Adaptive Security Appliance (ASA) Software
Cisco ACE Application Control Engine Module
Cisco ACE Application Control Engine Appliance
Cisco AnyConnect Secure Mobility Client for desktop platforms
Cisco AnyConnect Secure Mobility Client for Android
Cisco CSS 11500 Series Content Services Switches
Cisco Unified 7900 series IP Phones
Cisco Unified 6900 series IP Phones
Cisco Unified 3900 series IP Phones
Cisco Unified 8941 IP Phone
Cisco Unified 8945 IP Phone
Cisco Unified IP Conference Phone 8831
Cisco Unified Communications Manager (UCM) 9.1(2) and earlier
Cisco Unified Communications Domain Manager
Cisco Unified Business Attendant Console
Cisco Unified Department Attendant Console
Cisco Unified Enterprise Attendant Console
Cisco Identity Service Engine (ISE)
Cisco Secure Access Control Server (ACS)
Cisco Wireless Lan Controller (WLC)
Cisco Wireless Control System (WCS)
Cisco Web Security Appliance (WSA)
Cisco Content Security Management Appliance (SMA)
Cisco Email Security Appliance (ESA)
Cisco IronPort Encryption Appliance (IEA)
Cisco UCS Central
Cisco UCS Fabric Interconnects
Cisco UCS B-Series (Blade) Servers
Cisco UCS C-Series (Stand alone Rack) Servers
Cisco RV315W Wireless-N VPN Router
Cisco RV215W Wireless-N VPN Router
Cisco RV220W Wireless-N VPN Router
Cisco RV180W Wireless-N VPN Router
Cisco RV120W Wireless-N VPN Router
Cisco RV110W Wireless-N VPN Router
Cisco CVR100W Wireless-N VPN Router
Cisco RV325 VPN Router
Cisco RV320 VPN Router
Cisco RV180 VPN Router
Cisco RV082 VPN Router
Cisco RV042 VPN Router
Cisco RV016 VPN Router
Cisco 200 Series Smart Switches
Cisco 300 Series Managed Switches
Cisco 500 Series Stackable Managed Switches
Cisco ESW2 Series Advanced Switches
Cisco WAP121 Wireless-N Access Point
Cisco WAP321 Wireless Access Point
Cisco WAP551/561 Wireless-N Access Point
Cisco WAP4410N Wireless-N Access Point
Cisco Meraki Cloud Managed Indoor Access Points
Cisco Meraki Cloud-Managed Outdoor Access Points
Cisco Meraki MX Security Appliances
Cisco Meraki MS Access Switches
Cisco WebEx Meetings Server versions 1.x
Cisco Application and Content Networking System (ACNS) Software
Cisco Wide Area Application Services (WAAS) Software
Cisco ACE Global Site Selector Appliances (GSS)
Cisco Prime Network Analysis Module (NAM)
Cisco Prime Infrastructure
Cisco Content Switching Module with SSL (CSM-S)
Cisco SSL Services Module (SSLM)
Cisco Intelligent Automation for Cloud
Cisco Meraki Dashboard
Cisco WebEx Meeting Center
Cisco WebEx Support Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco Universal Small Cell CloudBase
Cisco Cloud Web Security
Image credit: http://images.china.cn
From BEN Latest News: www.benlatestnews.com
Follow us on Twitter: www.twitter.com/benlatestnews
0 comments:
Post a Comment