I did not say upgrade openssl or compile it yourself ;-)

I said upgrade components as fast as possible, on appliances the vendor is in general the

one to provide the upgrades. I ll try to fix my text ;-)

If you google for openssl bug heartbeat you will find a lot more info about the issue and how to test your components.

There are some test tools like:

https://github.com/FiloSottile/Heartbleed

https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

I am not so sure if I would use the online tests as they would not work towards you internal systems

and you do not know what these sites will do with the information which they gather, ...

For now I would say it does not matter if there is a stone age old VCS which does not have

this bug as they have other issues.

I had tested it at least towards X7.2.2 and X8.1 and they are affected.

With the X8.1 incompatibility for the traversal zone I really want to see that there is a fix for the X7 tree as well. And like you said, Cisco (and all other vendors) shall react quick.

Or, even better, release a new version of 8.1.x with OpenSSL fix and backward compatibility option :)

+5 to that!

PS - There's now a security advisory for this: cisco-sa-20140409-heartbleed

Edit: I missed the security advisory in Martin's initial post, it's noted there too.

Wayne
--
Please remember tor rate responses and to mark your question as answered if appropriate.

I said this before, it has to be both. But these security bugs needs to be fixed in X7 as well.

If not it would be quite limited to have the backwards compatilibty ;-)

The question would be forward security.

Not getting "bad people" access to a key which had been used for some time can also be beneficial.

If traffic was captured before it might be possible to decrypt it with a key later gathered.

So there can be a value of changing a key.

>can anyone (maybe Martin) tell me a little bit more about the vulnerabilities of the VCS ?

The vunerability is with the SSL software library the product uses - OpenSSL

The heartbleed vulnerability is a problem where an attacker through simply setting up a SSL session to the device can access portions of the memory of the process.. and in turn obtain access to information that normally is protected in the SSL session... and information in the SSL service itself, including the private key for the x509 certificate the device is using.  This is so significant because once an attacker has the private key used by the service... they can decode data sent to the service by others and impersonate the service itself.  PKI x509 certificate security is predicated on the notion that your private key is kept secure and no one but you knows it -- this exploit can leak that key effectively compromising the SSL security layer and the certificates themselves. 

>First of all I assume that the vulnerability only exists for devices that are reachable from the Internet.

Depends on where your attacker is... if they have access to a port using SSL.. then there is an issue. You can block the internet users, but that won't prevent someone behind your firewall doing the same.

>If a vulnerability scan also identifies communication on Port 5061 with the VCS Expressway what does this mean ?

Port 5061 is TLS (SSL) encrypted SIP port.  It uses SSL as well.. so in theory the service interface is vulnerable there as well.  Any payload entrusted to that port and the certificates/keys used by that service are at risk of exposure.  

What you need to know is, your certificates can no longer be trusted, they should be revoked and new certificates used.  Until you are upgraded and new certificates are in use, SSL traffic should not be assumed to be secure and there are risks of man-in-the-middle and impersonation attacks as long as your old certificates are still marked as valid in the wild.

Does this exploit expose media encryption or only sip signaling and management traffic like SSH,HTTPS?

-Tom

Tom: from how I see it it ssh uses openssl as well but not the heartbeat functionality, so it does not seem to be affected in general.

HTTPS and SIPS are affected here, you can use the above listed tools to see that both 443 and 5061 give positive results (to get the key)

The result of this bug is that the attacker can read out the private encryption key.

By that all SIPS and HTTPS traffic have to be seen as compromised. In addition the existing key has to be seen as compromised as well.

Most VCS installs I have seen do not verify the certificates which opens man in the middle

attacks anyhow, but with this it can risk where that is enabled a man in the middle could be active.

The worst case I see is:

* current media traffic can be decrypted (man in the middle)

* captured (historical) media traffic can be decrypted a well

As you asked yourself, it would be good to know the impact for the VCS.

How about h323 calls, signaling in general, media/srtp, management (http/https),

passwords in SIPS and https, ...

I would also like to see an answer by Cisco on that.

"I would also like to see an answer by Cisco on that."

We have to defer people to Cisco PSIRT on topics like this...

But speaking generally, one would scrutinize anything that uses SSL/TLS sessions.  H323 doesn't use SSL, SIP can, SRTP is payload encryption, not transport, HTTPS does..

What is exposed or not really is more about 'the potential' vs 'handed on a silver patter'.  The notion that the encryption keys are at risk is what makes the wide open risks.  I found this article from Wired interesting in they spoke towards the difficultly in exploiting the memory leak itself.  http://www.wired.com/2014/04/nsa-heartbleed  

I personally am more worried about the encryption being compromised than I am about real-time leaking of other payload through the exploit.

Sadly the PSIRT page is not very verbose, I did not even see a bug number for the VCS issue, nor detailed information.

For example, if you decode the SIPS messages with the session setup for the SRTP, can you decode the media because you have the SSL key and you get the SRTP negotiation?

The signaling of h323 does not use encryption at all, which is not good anyhow.

It is not about using SSL itself, or is the key which is revealed by the bug also used for example for encrypting the h323 media?

What services is this key used for, sips, https, ssh, srtp, ...?

Can you "only" do a Man in the middle attack or also decrypt captured / historical information, ...

So many unanswered questions.
 

"Sadly the PSIRT page is not very verbose, I did not even see a bug number for the VCS issue, nor detailed information."

You can always try calling them or emailing them :)

"For example, if you decode the SIPS messages with the session setup for the SRTP..."

Not speaking directly towards the vunerability..  it would depend on the key negotiation being done for the SRTP session if that's decodable.  That's a topic of 'is TLS required to make SRTP secure?'

"It is not about using SSL itself, or is the key which is revealed by the bug also used for example for encrypting the h323 media?"

All the media encryption stuff uses dynamically generated keys... the point of the certificates and their private keys in SSL is to authenticate and securely exchange those dynamic keys (your private key is not what the AES encryption uses, etc).  H.323 media encryption doesn't use a secure exchange like that at the start..  and its why the only way you validate h323 encryption is by comparing the hashes.