This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Heartbleed OpenSSL Vulnerability in NMS/Oneview or Wireless Controller

Heartbleed OpenSSL Vulnerability in NMS/Oneview or Wireless Controller

Skowronek__Kurt
New Contributor

‎04-09-2014 08:34 PM

Are NMS/Oneview, or the wireless controller at risk of the Heartbleed OpenSSL vulnerability? What revision levels are at risk? Is there a corporate statement of exposure risk and mitigation?
See similar post about XOS.
https://community.extremenetworks.com/extreme/topics/heartbleed_openssl_vulnerability
0 Kudos
4 REPLIES 4

Paul_Poyant
New Contributor III

‎04-14-2014 04:45 PM

See also, in the FAQ section of this forum:
16131, "Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951" (http://bit.ly/1n6cUcI).
0 Kudos

Arun_Solleti
Extreme Employee

‎04-10-2014 01:54 PM

Hi

The version of OpenSSL used on the controller and legacy AP models i.e. 26xx & 36xx does not contain (or need) the functionality that is vulnerable to heartbleed.

The version of OpenSSL on the 37xx and 38xx series APs is custom built without the functionality that is vulnerable to heartbleed.

So no risk for IdentiFi products due to this vulnerability.

Thanks
Arun
0 Kudos

Paul_Russo
Extreme Employee

‎04-10-2014 11:17 AM

Hello Kurt

We will be publishing a formal document on what products are vulnerable and when they will be fixed in the next day or so.

Thanks
P
0 Kudos

Jeff_Creek
New Contributor

‎04-10-2014 10:01 AM

Netsite 5.0.0.231
SIEM 7.7.2 Patch 1 (Build 614901 (7.2.0.614901))
use libssl.so.1.0.0.

NAC Gateway 5.0.0.231
uses libssl.so 0.9.8

So it looks like those versions are not vulnerable.

0 Kudos
Top
GTM-P2G8KFN