In case you’ve been under a rock, there’s a new security vulnerability in town that impacts OpenSSL, which is the defacto standard implementation for SSL/TLS support. It’s called Heartbleed and it impacts anything using OpenSSL 1.0.1 – 1.0.1f or the 1.0.2 beta (though nothing really should be using the beta).
This is a list of networking vendor notices or statements I have found regarding the vulnerability of their products to Heartbleed. I was originally going to put this into a tweet, but it got too long really quick…
Aerohive Networks: Aerohive not vulnerable to Heartbleed
APC: They say nothing is vulnerable. Their KB defies links to it. Search for document “FA228282” at APC Support.
Aruba Networks: OpenSSL 1.0.1 library (Heartbleed) vulnerability
Bluecoat: OpenSSL heartbeat information disclosure (CVE-2014-0160)
Cisco: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Citrix: Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability
F5: SOL15159: OpenSSL vulnerability CVE-2014-0160
HP: HP Networking Communication: OpenSSL HeartBleed Vulnerability
Meraki: OPENSSL AND THE HEARTBLEED VULNERABILITY
VMware: Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: “Heartbleed” (2076225)
Hope this helps you out!
[Edits: 4/11 – Added Bluecoat, Corrected Meraki link]
FIN