Does anyone know if the Cisco Network Assistant (CNA) software is affected by the Heartbleed vulnerability? I've looked through the various lists of products under investigation, vulnerable and not vulnerable, and can't find CNA listed. Doesn't make sense in my mind that it would be, but I'm being asked for proof by manglement! After all, all our other tools (ASDM, Prime Infrastructure, etc.) are listed as not vulnerable, but this is curiously missing.
TIA
Zac
Check the link below:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
CNA is not affected by this vulnerability.
Thanks-
Afroz
***Ratings Encourages Contributors ***
Thanks for the reply, Afroz. I have been checking that page regularly but CNA is NOT listed in any of the sections, hence my question (unless it's being called something different).
I really need to find an official declaration on the Cisco website otherwise I'll have to reimage my PC and not reinstall CNA.
Best regards,
Zac
There's no https server in CNA - it's just a Java-based client application.
It does query the managed devices using the target devices' http(s) servers. So it's the IOS on your switches and routers that would be of concern - not CNA itself.
Cisco IOS is on the "Products Confirmed Not Vulnerable" list.
Thanks for the replies. It's just a shame Cisco don't list the product on the webpage as proof for the non-techies that seem to make the decisions! ;-)