https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45835#M11516 See also, in the FAQ section of this forum:<BR /> 16131, "Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951" (<A href="http://bit.ly/1n6cUcI)" target="_blank" rel="nofollow noreferrer noopener">http://bit.ly/1n6cUcI)</A>. Mon, 14 Apr 2014 23:45:00 GMT Paul_Poyant 2014-04-14T23:45:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45831#M11512 Are NMS/Oneview, or the wireless controller at risk of the Heartbleed OpenSSL vulnerability? What revision levels are at risk? Is there a corporate statement of exposure risk and mitigation?<BR /> See similar post about XOS.<BR /> <A href="https://community.extremenetworks.com/extreme/topics/heartbleed_openssl_vulnerability" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extreme/topics/heartbleed_openssl_vulnerability</A><BR /> Thu, 10 Apr 2014 03:34:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45831#M11512 Skowronek__Kurt 2014-04-10T03:34:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45832#M11513 Netsite 5.0.0.231 <BR /> SIEM <B>7.7.2 Patch 1 (Build 614901 (7.2.0.614901))<BR /> </B>use libssl.so.1.0.0. <BR /> <BR /> NAC Gateway 5.0.0.231<BR /> uses libssl.so 0.9.8<BR /> <BR /> So it looks like those versions are not vulnerable.<BR /> <BR /> Thu, 10 Apr 2014 17:01:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45832#M11513 Jeff_Creek 2014-04-10T17:01:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45833#M11514 Hello Kurt<BR /> <BR /> We will be publishing a formal document on what products are vulnerable and when they will be fixed in the next day or so.<BR /> <BR /> Thanks<BR /> P<BR /> Thu, 10 Apr 2014 18:17:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45833#M11514 Paul_Russo 2014-04-10T18:17:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45834#M11515 Hi<BR /> <BR /> The version of OpenSSL used on the controller and legacy AP models i.e. 26xx &amp; 36xx does not contain (or need) the functionality that is vulnerable to heartbleed.<BR /> <BR /> The version of OpenSSL on the 37xx and 38xx series APs is custom built without the functionality that is vulnerable to heartbleed.<BR /> <BR /> So no risk for IdentiFi products due to this vulnerability.<BR /> <BR /> Thanks<BR /> Arun Thu, 10 Apr 2014 20:54:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45834#M11515 Arun_Solleti 2014-04-10T20:54:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45835#M11516 See also, in the FAQ section of this forum:<BR /> 16131, "Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951" (<A href="http://bit.ly/1n6cUcI)" target="_blank" rel="nofollow noreferrer noopener">http://bit.ly/1n6cUcI)</A>. Mon, 14 Apr 2014 23:45:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/heartbleed-openssl-vulnerability-in-nms-oneview-or-wireless/m-p/45835#M11516 Paul_Poyant 2014-04-14T23:45:00Z