Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1557
Views
0
Helpful
1
Replies

VCS and How to Update OpenSSL to Protect from HeartBleed Vulnerability

kep224
Level 1
Level 1

‎04-08-2014 12:45 PM - edited ‎03-17-2019 04:05 PM

Hello,

This will probably be best addressed via a service ticket to Cisco, but thought I'd start here.

 

The vulnerability described here: http://heartbleed.com/ is definitely in our VCS infrastructure- perhaps as a Cisco variant, but definitely present. Is this something that Cisco typically will release a patch for, or are we supposed to update the box as like any other Linux based system. I'm concerned with warranty implications.

 

Thanks for any help!

-Kyle

1 person had this problem
Labels:
0 Helpful
1 Reply 1

dpetrovi
Cisco Employee
Cisco Employee

‎04-09-2014 05:47 PM

Hi Kyle,

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed .

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

If the product is vulnerable, rest assured that we will address it appropriately. 

I hope this helps.

-Dejan

P.S. This specific community is for Cisco Unified MeetingPlace and Cisco WebEx Meetings Server products. For any further queries for VCS, I advise you to post them in Telepresence community to get the best possible assistance. 

0 Helpful
Customers Also Viewed These Support Documents