Careers & Certifications

04:11 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Networking Vendors Issue Heartbleed Fixes

Cisco and Juniper report progress in addressing far-reaching OpenSSL vulnerability that hit switches, VPNs and other products.

The Heartbleed bug that came to light last week affected a huge swath of networking products, prompting vendors to issue alerts and updates.

Cisco on April 9 released a security advisory with a list of products affected by the OpenSSL vulnerability that included Nexus switches, Cisco IPS, and Teleprescence equipment.

A Cisco spokesperson said in an email to Network Computing Monday that the company is continuing to work on patches for some products, but that many more products are unaffected by Heartbleed or have already been remediated. He said customers should check back on the advisory for the latest updates.

Juniper also released a list of affected products, which included Junos OS 13.3R1 and certain versions of the company's SSL VPN. Nearly all of the products have been updated, a spokesperson said Monday.

"Every Juniper product affected by the Heartbleed vulnerability now has a fix available except for older versions of our Unified Access Control, which we expect to provide a patch for shortly. We continue to work closely with customers to help them update their systems," the spokesperson said in an email.

Other networking vendors that reported products affected by Heartbleed include F5, Fortinet and Aruba. Carnegie Mellon CERT published a list of vendor alerts and updates.

Networking expert Tom Hollingsworth of Gestalt IT said he knew vendors were trying to get patches out as quickly as possible, but wondered how many vendors didn't disclose they were using OpenSSL in their products.

Brian Monkman, perimeter security programs manager at ICSA Labs, wrote in a blog post Monday that while much of the focus in the wake of the Heartbleed bug has been on the hundreds of thousands of potentially vulnerable websites, less attention has been paid to potentially vulnerable network security products.

"To put this into perspective, ANY product that uses OpenSSL or one of its variants to create a secure connection is potentially at risk," he wrote. "This could mean, for example, a network firewall with an outward facing administrative interface that uses an HTTPS connection may be vulnerable, or a Web application firewall that has SSL termination functionality may also be vulnerable."

For an explanation of the overall impact of Heartbleed, check out this Dark Reading blog post by Tim Sapio, a security analyst at Bishop Fox, a security consulting firm.

Marcia Savage is the managing editor for Network Computing, and has been covering technology for 15 years. She has written and edited for CRN and spent several years covering information security for SC Magazine and TechTarget. Marcia began her journalism career in daily ... View Full Bio

Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
17
Confessions Of A VMworld Virgin
Susan Fogarty, Editor in Chief,  8/22/2014
9
IT Hiring: Social Media Matters
Marcia Savage, Managing Editor, Network Computing,  8/27/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed