cancel
Showing results for 
Search instead for 
Did you mean: 

Heartbleed OpenSSL Vulnerability in NMS/Oneview or Wireless Controller

Heartbleed OpenSSL Vulnerability in NMS/Oneview or Wireless Controller

Skowronek__Kurt
New Contributor
Are NMS/Oneview, or the wireless controller at risk of the Heartbleed OpenSSL vulnerability? What revision levels are at risk? Is there a corporate statement of exposure risk and mitigation?
See similar post about XOS.
https://community.extremenetworks.com/extreme/topics/heartbleed_openssl_vulnerability
4 REPLIES 4

Paul_Poyant
New Contributor III
See also, in the FAQ section of this forum:
16131, "Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951" (http://bit.ly/1n6cUcI).

Arun_Solleti
Extreme Employee
Hi

The version of OpenSSL used on the controller and legacy AP models i.e. 26xx & 36xx does not contain (or need) the functionality that is vulnerable to heartbleed.

The version of OpenSSL on the 37xx and 38xx series APs is custom built without the functionality that is vulnerable to heartbleed.

So no risk for IdentiFi products due to this vulnerability.

Thanks
Arun

Paul_Russo
Extreme Employee
Hello Kurt

We will be publishing a formal document on what products are vulnerable and when they will be fixed in the next day or so.

Thanks
P

Jeff_Creek
New Contributor
Netsite 5.0.0.231
SIEM 7.7.2 Patch 1 (Build 614901 (7.2.0.614901))
use libssl.so.1.0.0.

NAC Gateway 5.0.0.231
uses libssl.so 0.9.8

So it looks like those versions are not vulnerable.

GTM-P2G8KFN