Solved: Hi John,For PSIRT

saarbaug · ‎05-23-2014

Hi everyone,

Is Smart Net Total Care affected by Heartbleed?

Thanks.

Regards, Sandra Kindly remember to mark questions as answered and please rate posts and answers if you find them helpful.

Kevin Ohlson · ‎05-23-2014

The Cisco security team has confirmed that Smart Net Total Care is ‘Not Vulnerable’ in the Cisco Heartbleed Advisory. The CSPC Collector 2.3 has been confirmed to contain vulnerable, though unused, OpenSSL libraries and is therefore classified as ‘Vulnerable’ in the Heartbleed Advisory. A patch to remove these unused libraries is available. Please refer to the Advisory for additional information and next steps, if applicable.

View solution in original post

Kevin Ohlson · ‎05-23-2014

The Cisco security team has confirmed that Smart Net Total Care is ‘Not Vulnerable’ in the Cisco Heartbleed Advisory. The CSPC Collector 2.3 has been confirmed to contain vulnerable, though unused, OpenSSL libraries and is therefore classified as ‘Vulnerable’ in the Heartbleed Advisory. A patch to remove these unused libraries is available. Please refer to the Advisory for additional information and next steps, if applicable.

John Choi · ‎07-16-2014

Hello Kevin,

Could you help provide any URL's that can point the customers or EPMs (such as myself) can download the patch, and maybe even provide details on the process?

Thank you,

John

Kevin Ohlson · ‎07-23-2014

Hi John,

For PSIRT vulnerabilities, it’s best to follow the process outlined on the Security Advisory page. The link for this vulnerability, [CSCuo29151], contains a description and links to relevant information, including a link to the known fixed release.

Thanks,

- Kevin