Heartbleed Bug Found in Cisco Routers, Juniper Gear


Slightly sensationalistic article, tends to imply that heartbleed will allow you to capture data-plane traffic on any piece of Cisco/Juniper kit. Either way, as I've said before, if you're exposing *any* management interfaces, be is ssh,netconf or https to the internet in general, you've got bigger issues than just heartbleed. VPN, on the other hand, is a totally different world of pain for this issue. /ruairi On 11 April 2014 12:24, Glen Kent <glen.kent@gmail.com> wrote:
http://online.wsj.com/news/articles/SB10001424052702303873604579493963847851...
Glen

Either way, as I've said before, if you're exposing *any* management interfaces, be is ssh,netconf or https to the internet in general, you've got bigger issues than just heartbleed.
Sure, i agree.
VPN, on the other hand, is a totally different world of pain for this issue.
What about VPNs? Glen
/ruairi
On 11 April 2014 12:24, Glen Kent <glen.kent@gmail.com> wrote:
http://online.wsj.com/news/articles/SB10001424052702303873604579493963847851...
Glen

Didn't Cisco already release a bunch of updates related to Anyconnect and heartbleed? Cheers, Harry On Apr 12, 2014, at 6:03 PM, Lamar Owen <lowen@pari.edu> wrote:
On 04/11/2014 07:16 AM, Glen Kent wrote:
VPN, on the other hand, is a totally different world of pain for this issue.
What about VPNs?
SSL VPN's could possibly be vulnerable.

On 4/12/2014 8:55 PM, Harry Hoffman wrote:
Didn't Cisco already release a bunch of updates related to Anyconnect and heartbleed?
There were AnyConnect for iOS (little "i", not big "I") issues with heartbleed, but everything else has been mostly phone and UCS related. IOS XE is affected if you have enabled https:// administrative interface. Otherwise no (at least not yet, they're still checking). There were, however, four separate security issues released this week that affected SSL VPN, AnyConnect, and ASAs (I had to patch our ASAs even though we do not do SSL VPN or AnyConnect, there is a DoS attack possible via SIP).
participants (5)
-
Glen Kent
-
Harry Hoffman
-
Jeff Kell
-
Lamar Owen
-
Ruairi Carroll