YOU ARE AT:Network InfrastructureCisco and Juniper detail Heartbleed responses

Cisco and Juniper detail Heartbleed responses

Network equipment vendors Cisco and Juniper are sharing information about their vulnerability to Heartbleed, the software security flaw that could enable hackers to steal passwords and other encrypted data from many of the servers on the Internet.

Cisco says that many of its products “incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.” The networking giant plans to release free software updates to address the vulnerabilities. The company has created a website to post updates, workarounds, and advisories about which specific software may be affected.

Cisco says its Computer Security Incident Response Team (CSIRT) is investigating Cisco public facing infrastructure that could be susceptible to Heartbleed. In addition, the company is highlighting its own security solutions which can provide visibility into and protection against Heartbleed vulnerability: Sourcefire Next-Generation Intrusion Prevention System (NGIPS) and Cisco Intrusion Prevention System (IPS).

Juniper has listed specific products that may be impacted by Heartbleed, and has posted fixes for some of the affected products.

The Junos Pulse mobile security suite is one of the Juniper products that is vulnerable to Heartbleed. Junos Pulse is a mobile device management solution that offers IT managers a streamlined user interface for the management of virtual private networks and the mobile devices that connect to these networks. The company says that users can decrease their risk by upgrading to 5.0R3 if possible. Junos Pulse for Android version 5.0R3 (44997) is available for download from the Google Play Store. The company says it is working on the Samsung Android variant and the iOS variant of the updated software.

In addition, the company posted the following advisory for users of the Junos Pulse desktop client: Upgrade Junos Pulse clients to versions 5.0R3.1 or 4.0R9.2 using your chosen method of Junos Pulse deployment (through Web browser when users log-in to their SSL VPN session or through software distribution infrastructure). If you used Pulse Client Version 4.0R9.1 – make sure you upgrade to Pulse Client 4.0R9.2.

ABOUT AUTHOR

Martha DeGrasse
Martha DeGrassehttp://www.nbreports.com
Martha DeGrasse is the publisher of Network Builder Reports (nbreports.com). At RCR, Martha authored more than 20 in-depth feature reports and more than 2,400 news articles. She also created the Mobile Minute and the 5 Things to Know Today series. Prior to joining RCR Wireless News, Martha produced business and technology news for CNN and Dow Jones in New York and managed the online editorial group at Hoover’s Online before taking a number of years off to be at home when her children were young. Martha is the board president of Austin's Trinity Center and is a member of the Women's Wireless Leadership Forum.