Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

April 11, 2014

Heartbleed Bug Hits At Heart of Many Cisco, Juniper Products

Network World — The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Juniper detailed a long list in two advisories, one here and the other here. Cisco acted in similar fashion with its advisory.

"Expect a product by product advisory about vulnerabilities," says Cisco spokesman Nigel Glennie, explaining that Cisco engineers are evaluating which Cisco products use the flawed versions of OpenSSL that may need a patch though not all necessarily will. That's because Cisco believes it's a specific feature in OpenSSL that is at the heart of the Heartbleed vulnerability and that it's not always turned on in products.

...

http://www.cio.com/article/751365/Heartbleed_Bug_Hits_At_Heart_of_Many_Cisco_Juniper_Products