13 Apr
2014
13 Apr
'14
3:37 a.m.
On 4/12/2014 8:55 PM, Harry Hoffman wrote:
Didn't Cisco already release a bunch of updates related to Anyconnect and heartbleed?
There were AnyConnect for iOS (little "i", not big "I") issues with heartbleed, but everything else has been mostly phone and UCS related. IOS XE is affected if you have enabled https:// administrative interface. Otherwise no (at least not yet, they're still checking). There were, however, four separate security issues released this week that affected SSL VPN, AnyConnect, and ASAs (I had to patch our ASAs even though we do not do SSL VPN or AnyConnect, there is a DoS attack possible via SIP).