Does anyone know if the Cisco Network Assistant (CNA) software is affected by the Heartbleed vulnerability? I've looked through the various list of products under investigation, vulnerable and not vulnerable and can't find CNA listed. Doesn't make sense in my mind that it would be but I'm being asked for proof by manglement! Afterall, all our other tools ASDM, Prime Infastructure etc are listed as not vulnerable but this is curiously missing.
check the below link
CNA is not affected by this vulnerability.
***Ratings Encourages Contributors ***
Thanks for the reply Afroz. I have been checking that page regularly but CNA is NOT listed in any of the sections hence my question (Unless it's being called something different).
I really need to find an official declaration on the Cisco website otherwise I'll have to reimage my PC and not reinstall CNA.
There's no https server in CNA - it's just a Java-based client application.
It does query the managed devices using the target devices' http(s) servers. So it's the IOS on your switches and routers that would be of concern - not CNA itself.
Cisco IOS is on the "Products Confirmed Not Vulnerable" list.
Thanks for the replies. It's just a shame Cisco don't list the product on the webpage as proof for the non-techies that seem to make the decisions! ;-)