04-08-2014 08:11 AM
Has there been any word from Cisco if Ironport software is vulnerable to this issue/bug?
http://www.kb.cert.org/vuls/id/720951
04-08-2014 09:30 AM
Looking for info as well. Not sure how to check on the Ironport devices if OpenSSL is even used. Please update this thread with information. We have our security teams looking to know what the status is of the vulnerability.
Also, it is the heart bleed vulnerability. You can also see more information at www.heartbleed.com
04-09-2014 08:42 AM
Just making sure to update the thread, as requested. I have also created the same information in the announcements on the top of page:
As of Wednesday morning, April 9, we are pending an update from our PSIRT, which handles all vulnerability and security responses for all Cisco Products.
The official PSIRT information can be found at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Please expand the Affected Products -> Vulnerable Products/Products Confirmed Not Vulnerable to view the latest product listings. Our products, Email and Web Security (ESA, IEA, WSA, SMA), and/or AsyncOS, will be listed once they update this public facing information.
The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
For any and all inquires regarding the vulnerabtiliy, please contact the Cisco PSIRT at psirt@cisco.com
At this time, please see the following information from our Security Intelligence Operations:
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695
04-09-2014 06:58 PM
Please note the updated announcement for our products:
As of Wednesday, April 9, Cisco Email and Web Security had been updated from our PSIRT, which handles all vulnerability and security responses for all Cisco products.
The official PSIRT information can be found at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Please expand the Affected Products -> Products Confirmed Not Vulnerable to view the latest Cisco product listings. Our products, Email and Web Security (ESA, IEA, WSA, SMA), are listed and updated in this public facing information.
The Cisco PSIRT continues to investigate the impact of this vulnerability on Cisco products, and will disclose any vulnerabilities according to our security policy, which is available at:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
For any and all inquires regarding this vulnerability and the public facing notification, please contact the Cisco PSIRT at psirt@cisco.com
Also, please see the following information released Tuesday, April 8, from our Security Intelligence Operations:
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695
04-08-2014 02:27 PM
Yes, we are aware of this current vulnerability - and our PSIRT team is working to address this developing issue.
The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
For any and all inquires regarding the vulnerabtiliy, please contact the Cisco PSIRT at psirt@cisco.com
At this time, please see the following information from our Security Intelligence Operations:
http://tools.cisco.com/security/center/viewAlert.x?alertId=33695
-Robert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide