Updated on 7th May 2014. In response to the very real threat posed by the OpenSSL vulnerability ‘Heartbleed’, Cisco have released a list of their affected (or not) products. What worries me is that the list isn’t comprehensive – the only units I was concerned about were the UC500 systems, none of which are listed. If you have any Juniper Networks products, check out the Juniper Networks Heartbleed Vulnerability list here.
While not much good to network administrators, I’ve been sending users to this $1 guide about cyber security; I just wish there was a paper copy so I could have a few kicking around the office: CyberSecurity, Safety and Privacy: 60 Vital Tips to Help Protect Your Personal Security, Identity and Privacy.
UPDATE: Within hours of posting this, Nigel Glennie of Cisco got in touch (see comment below) and confirmed that the UC500 series (and Cisco IOS in general) is not vulnerable to the Heartbleed bug! Thanks Nigel!
The Cisco Heartbleed Vulnerability List
Cisco Products Vulnerable to Heartbleed
- Cisco Agent for OpenFlow [CSCuo30098]
- Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
- Cisco ASA CX Context-Aware Security [CSCuo24523]
- Cisco Desktop Collaboration Experience DX650 [CSCuo16892]
- Cisco Edge 300 Digital Media Player [CSCuo24304]
- Cisco Edge 340 Digital Media Player [CSCuo24301]
- Cisco Expressway Series [CSCuo16472]
- Cisco FireAMP Private Cloud virtual appliance
- Cisco IOS XE [CSCuo19730]
- Cisco Internet Streamer CDS [CSCuo31566]
- Cisco Jabber Video for TelePresence (Movi) [CSCuo28855]
- Cisco MATE Products [CSCuo54599]
- Cisco Mobility Service Engine (MSE) [CSCuo20622]
- Cisco MS200X Ethernet Access Switch [CSCuo18736]
- Cisco OnePK All-in-One VM [CSCuo19843]
- Cisco ONS 15454 Series Multiservice Provisioning Platforms [CSCuo22921]
- Cisco Prime Collaboration Deployment [CSCuo34385]
- Cisco Prime IP Express [CSCuo35657]
- Cisco Prime License Manager [CSCuo32735]
- Cisco Prime Network Registrar (CPNR) [CSCun82386]
- Cisco Prime Network Services Controller [CSCuo20385]
- Cisco Prime Security Manager [CSCuo27123]
- Cisco Security Manager [CSCuo19265]
- Cisco Small Business ISA500 Series Integrated Security Appliances [CSCuo29778]
- Cisco TelePresence 1310 [CSCuo20210]
- Cisco TelePresence Conductor [CSCuo20306]
- Cisco TelePresence EX Series [CSCuo26378]
- Cisco Telepresence Integrator C Series [CSCuo26378]
- Cisco TelePresence IP Gateway Series [CSCuo21597]
- Cisco TelePresence ISDN GW 3241 [CSCuo21486]
- Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]
- Cisco TelePresence ISDN Link [CSCuo26686]
- Cisco TelePresence MX Series [CSCuo26378]
- Cisco TelePresence Profile Series [CSCuo26378]
- Cisco TelePresence Serial Gateway Series [CSCuo21535]
- Cisco TelePresence Server 8710, 7010 [CSCuo21468]
- Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]
- Cisco TelePresence Server on Virtual Machine [CSCuo21468]
- Cisco TelePresence System 1000 [CSCuo20210]
- Cisco TelePresence System 1100 [CSCuo20210]
- Cisco TelePresence System 1300 [CSCuo20210]
- Cisco TelePresence System 3000 Series [CSCuo20210]
- Cisco TelePresence System 500-32 [CSCuo20210]
- Cisco TelePresence System 500-37 [CSCuo20210]
- Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]
- Cisco TelePresence SX Series [CSCuo26378]
- Cisco TelePresence TX 9000 Series [CSCuo20210] Version 6.1.2.0 and prior
- Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
- Cisco Unified 7800 Series IP Phones [CSCuo16987]
- Cisco Unified 8961 IP Phone [CSCuo16938]
- Cisco Unified 9951 IP Phone [CSCuo16938]
- Cisco Unified 9971 IP Phone [CSCuo16938]
- Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]
- Cisco Unified Communications Manager Session Management Edition (SME) [CSCuo17440]
- Cisco Unified Presence Server (CUPS) [CSCuo21298], [CSCuo21289]
- Cisco Unity Connection (UC) [CSCuo30540]
- Cisco Universal Small Cell 5000 Series running V3.4.2.x software [CSCuo22301]
- Cisco Universal Small Cell 7000 Series running V3.4.2.x software [CSCuo22301]
- Cisco Video Distribution Suite for Internet Streaming VDS-IS [CSCuo43012]
- Cisco Video Surveillance 3000 Series IP Cameras [CSCuo37282]
- Cisco Video Surveillance 4000 Series IP Cameras [CSCuo37288]
- Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras [CSCuo37283]
- Cisco Video Surveillance 6000 Series IP Cameras [CSCuo37282]
- Cisco Video Surveillance 7000 Series IP Cameras [CSCuo37282]
- Cisco Video Surveillance PTZ IP Cameras [CSCuo37282]
- Cisco WebEx Meetings for Android [CSCuo20617]
- Cisco WebEx Meetings Server (client) [CSCuo29780]
- Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
- Cisco WebEx Node for ASR 1000 Series [CSCuo33614]
- Cisco WebEx Node for MCS [CSCuo33612]
- Cisco Wireless Location Appliance [CSCuo20622]
- Small Cell factory recovery root filesystem V2.99.4 or later [CSCuo22358]
- Tandberg Codian MSE 8320 model [CSCuo21486]
- Tandberg Codian ISDN GW 3210/3220/3240 [CSCuo21486]
Cisco Services Identified as Vulnerable to Heartbleed:
- Cisco Partner Support Services
Cisco hosted services were previously identified as vulnerable and have been remediated:
(I recommend you change your passwords for these services ASAP)
- Cisco Registered Envelope Service (CRES)
- Cisco UCS Invicta Series Autosupport Portal
- Cisco Webex Messenger Service
Cisco Products NOT Vulnerable to Heartbleed
- Cisco 1000 Series Connected Grid Routers
- Cisco 200 Series Smart Switches
- Cisco 300 Series Managed Switches
- Cisco 500 Series Stackable Managed Switches
- Cisco ACE Application Control Engine Appliance
- Cisco ACE Application Control Engine Module (ACE10, ACE20, ACE30)
- Cisco ACE Global Site Selector Appliances (GSS)
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Adaptive Security Device Manager (ASDM)
- Cisco Agent Desktop
- Cisco Anomaly Guard Module
- Cisco AnyConnect Secure Mobility Client for Android
- Cisco AnyConnect Secure Mobility Client for desktop platforms
- Cisco Application and Content Networking System (ACNS) Software
- Cisco Application Networking Manager (ANM)
- Cisco ASR 5000 Series
- Cisco Broadband Access Center Telco Wireless
- Cisco Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
- Cisco Catalyst Operating System (CatOS)
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco Configuration Professional
- Cisco Connected Grid Device Manager
- Cisco Connected Grid Network Management System
- Cisco Content Security Management Appliance (SMA)
- Cisco Content Switching Module with SSL (CSM-S)
- Cisco CSS 11500 Series Content Services Switches
- Cisco CVR100W Wireless-N VPN Router
- Cisco D9034-S Encoder
- Cisco D9036 Modular Encoding Platform
- Cisco D9054 HDTV Encoder
- Cisco D9804 Multiple Transport Receiver
- Cisco D9824 Advanced Multi Decryption Receiver
- Cisco D9854/D9854-I Advanced Program Receiver
- Cisco D9858 Advanced Receiver Transcoder
- Cisco D9859 Advanced Receiver Transcoder
- Cisco D9865 Satellite Receiver
- Cisco DCM Series D9900 Digital Content Manager
- Cisco Digital Media Manager (DMM)
- Cisco Digital Media Players
- Cisco DPC/EPC 2202 VoIP Cable Modem
- Cisco DPC/EPC 2203 VoIP Cable Modem
- Cisco DPC/EPC 3208 VoIP Cable Modem
- Cisco DPC/EPC2100 Cable Modem
- Cisco DPC/EPC2325 Residential Gateway with Wireless Access Point
- Cisco DPC/EPC2425 Wireless Residential Gateway with Embedded Digital Voice Adapter
- Cisco DPC/EPC2434 VoIP Wireless Home Gateway
- Cisco DPC/EPC2505 Cable Modem
- Cisco DPC/EPC2607 Cable Modem
- Cisco DPC/EPC3010 Cable Modem
- Cisco DPC/EPC3212 VoIP Cable Modem
- Cisco DPC2320 and EPC2320 Wireless Residential Gateway
- Cisco DPC2325R2 and EPC2325R2 Wireless Residential Gateway
- Cisco DPC2420 and EPC2420 Wireless Residential Gateway with Embedded Digital Voice Adapter
- Cisco DPC3000/EPC3000 Cable Modem
- Cisco DPC3008/EPC3008 Cable Modem
- Cisco DPC3825 and EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco DPC3827 and EPC3827 Wireless Residential Gateway
- Cisco DPC3828 and EPC3828 DOCSIS/EuroDOCSIS 3.0 8×4 Wireless Residential Gateway
- Cisco DPC3925 and EPC3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco DPC3928 and EPC3928 DOCSIS/EuroDOCSIS 3.0 8×4 Wireless Residential Gateway with Embedded Digital Voice Adapter
- Cisco DPC3939 DOCSIS 3.0 16×4 Wireless Residential Voice Gateway
- Cisco DPQ/EPQ2160 DOCSIS 2.0 Cable Modem
- Cisco DPQ2202 VoIP Cable Modem
- Cisco DPQ2425 Wireless Residential Gateway with Digital Voice Adapter
- Cisco DPQ3212 VoIP Cable Modem
- Cisco DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco DPR/EPR2320, DPR2325 Cable Modem with Wireless Access Point
- Cisco DPR362 Cable Modem and Router
- Cisco DPX/EPX 2203 VoIP Cable Modem
- Cisco DPX/EPX 2203C VoIP Cable Modem
- Cisco DPX/EPX2100 Cable Modem
- Cisco DPX100/120 Cable Modem
- Cisco DPX110 Cable Modem
- Cisco DPX130 Cable Modem
- Cisco DPX213 VoIP Cable Modem
- Cisco DPX2213 VoIP Cable Modem
- Cisco Email Security Appliance (ESA)
- Cisco Emergency Responder (CER)
- Cisco Enterprise Content Delivery System (ECDS)
- Cisco ESW2 Series Advanced Switches
- Cisco Extensible Network Controller (XNC)
- Cisco Finesse
- Cisco Identity Service Engine (ISE)
- Cisco Insight Reporter
- Cisco Integrated Management Controller (IMC)
- Cisco Intelligent Automation for Cloud
- Cisco IOS XR
- Cisco IOS
- Cisco IP Communicator
- Cisco IP Video Phone E20
- Cisco IPS
- Cisco IronPort Encryption Appliance (IEA)
- Cisco Jabber for Android
- Cisco Jabber for iOS
- Cisco Jabber for Mac
- Cisco Jabber for Windows
- Cisco Jabber Software Development Kit
- Cisco Jabber Video for iPad
- Cisco Jabber Voice for Android
- Cisco Jabber Voice for iPhone
- Cisco Linear Stream Manager
- Cisco MDS Switches
- Cisco MediaSense
- Cisco Meraki Cloud Managed Indoor Access Points
- Cisco Meraki Cloud-Managed Outdoor Access Points
- Cisco Meraki MS Access Switches
- Cisco Meraki MX Security Appliances
- Cisco Mobile Wireless Transport Manager
- Cisco Model DPC2420R2 and EPC2420R2 Wireless Residential Gateway with Digital Voice
- Cisco Model DPC2425R2 and EPC2425R2 Wireless Residential Gateway with Digital Voice
- Cisco Multicast Manager
- Cisco MXE 3500 Series
- Cisco MXE 5600 Series
- Cisco NAC Agent (Clean Access) for Mac
- Cisco NAC Agent (Clean Access) for Web
- Cisco NAC Agent (Clean Access) for Windows
- Cisco NAC Appliance
- Cisco NAC Guest Server
- Cisco NAC Manager
- Cisco NetFlow Generation 3000 Series Appliance
- Cisco Nexus 1000V Switch for Microsoft Hyper-V
- Cisco Nexus 1000V Switch for VMware vSphere
- Cisco Nexus 1010 Virtual Services Appliance
- Cisco Nexus 1100 Virtual Services Appliances
- Cisco Nexus 2000 Series Fabric Extenders
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 4000 Series Switches
- Cisco Nexus 5000 Series Switches
- Cisco Nexus 6000 Series Switches
- Cisco Nexus 7000 Series Switches
- Cisco Nexus 9000 Series Switches
- Cisco ONS 15100 Series
- Cisco ONS 15200 Series DWDM Systems
- Cisco ONS 15300 Series
- Cisco ONS 15500 Series
- Cisco ONS 15600 Series
- Cisco ONS 15800 Series DWDM Platforms
- Cisco Packaged Contact Center Enterprise
- Cisco Paging Server
- Cisco Physical Access Gateways
- Cisco Physical Access Manager
- Cisco PowerVu D9190 Conditional Access Manager (PCAM)
- Cisco Prime Access Registrar
- Cisco Prime Analytics
- Cisco Prime Assurance Manager
- Cisco Prime Cable Provisioning
- Cisco Prime Central for SPs
- Cisco Prime Collaboration Assurance
- Cisco Prime Collaboration Manager
- Cisco Prime Collaboration Provisioning
- Cisco Prime Data Center Network Manager (DCNM)
- Cisco Prime Home
- Cisco Prime Infrastructure
- Cisco Prime LAN Management Solution (LMS)
- Cisco Prime Network
- Cisco Prime Network Analysis Module (NAM)
- Cisco Prime Optical for SPs
- Cisco Prime Performance Manager for SPs
- Cisco Prime Provisioning for SPs
- Cisco Quantum Policy Suite (QPS)
- Cisco Quantum SON Suite
- Cisco Quantum Virtualized Packet Core
- Cisco Remote Silent Monitoring
- Cisco RV016 VPN Router
- Cisco RV042 VPN Router
- Cisco RV082 VPN Router
- Cisco RV110W Wireless-N VPN Router
- Cisco RV120W Wireless-N VPN Router
- Cisco RV180 VPN Router
- Cisco RV180W Wireless-N VPN Router
- Cisco RV215W Wireless-N VPN Router
- Cisco RV220W Wireless-N VPN Router
- Cisco RV315W Wireless-N VPN Router
- Cisco RV320 VPN Router
- Cisco RV325 VPN Router
- Cisco SCE 8000 Series Service Control Engine
- Cisco SCE 2000 Series Service Control Engine
- Cisco SCE 1000 Series Service Control Engine
- Cisco Secure Access Control Server (ACS)
- Cisco Service Control Subscriber Manager
- Cisco Service Control Collection Manager
- Cisco Service Control Application for Broadband
- Cisco Show and Share (SnS)
- Cisco SocialMiner
- Cisco SourceFire appliances (this includes both 3D Systems and SSL appliances)
- Cisco SSL Services Module (SSLM)
- Cisco TelePresence Advanced Media Gateway Series
- Cisco TelePresence Content Server (TCS)
- Cisco TelePresence Exchange System (CTX)
- Cisco TelePresence IP VCR Series
- Cisco TelePresence Management Suite (TMS)
- Cisco TelePresence Management Suite Analytics Extension
- Cisco TelePresence Management Suite Extension for IBM Lotus Notes
- Cisco TelePresence Management Suite Extension for Microsoft Exchange
- Cisco TelePresence Management Suite Network Integration Extension
- Cisco TelePresence Management Suite Provisioning Extension
- Cisco TelePresence Manager (CTSMan)
- Cisco TelePresence MCU all series
- Cisco TelePresence Multipoint Switch (CTMS)
- Cisco TelePresence MXP Series
- Cisco TelePresence Recording Server (CTRS)
- Cisco Traffic Anomaly Detector
- Cisco UC Integration for IBM Sametime
- Cisco UC Integration for Microsoft Lync
- Cisco UC Integration for Microsoft Office Communicator
- Cisco UCS B-Series (Blade) Servers
- Cisco UCS C-Series (Standalone Rack) Servers
- Cisco UCS Central
- Cisco UCS Fabric Interconnects
- Cisco UCS Invicta Series Solid State Systems
- Cisco Unified 3900 series IP Phones
- Cisco Unified 6900 series IP Phones
- Cisco Unified 7900 series IP Phones
- Cisco Unified 8941 IP Phone
- Cisco Unified 8945 IP Phone
- Cisco Unified Attendant Console (all editions)
- Cisco Unified Attendant Console Advanced
- Cisco Unified Client Services Framework
- Cisco Unified Communications 500 Series
- Cisco Unified Communications Domain Manager
- Cisco Unified Communications Manager (UCM) 9.1(2) and earlier
- Cisco Unified Communications Widgets Click To Call
- Cisco Unified Contact Center Enterprise
- Cisco Unified Contact Center Express
- Cisco Unified Customer Voice Portal (CVP)
- Cisco Unified Department Attendant Console
- Cisco Unified E-Mail Interaction Manager (EIM)
- Cisco Unified Enterprise Attendant Console
- Cisco Unified Intelligence Center
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified IP Conference Phone 8831
- Cisco Unified Meeting Place Application Server and Web Server
- Cisco Unified Mobility
- Cisco Unified Operations Manager
- Cisco Unified Personal Communicator
- Cisco Unified Provisioning Manager (CUPM)
- Cisco Unified Quick Connect
- Cisco Unified Service Monitor
- Cisco Unified Service Statistics Manager
- Cisco Unified SIP Proxy
- Cisco Unified Video Advantage
- Cisco Unified Web Interaction Manager (WIM)
- Cisco Video Surveillance Media Server Software
- Cisco Video Surveillance Operations Manager Software
- Cisco Videoscape AnyRes Live (CAL)
- Cisco Videoscape AnyRes VOD (CAV)
- Cisco Virtual Network Management Center
- Cisco Virtualization Experience Media Engine
- Cisco Virtual Security Gateway for Microsoft Hyper-V
- Cisco WAG310G Wireless-G ADSL2+ Gateway with VoIP
- Cisco WAP121 Wireless-N Access Point
- Cisco WAP321 Wireless Access Point
- Cisco WAP4410N Wireless-N Access Point
- Cisco WAP551/561 Wireless-N Access Point
- Cisco Web Security Appliance (WSA)
- Cisco WebEx Connect Client for Windows
- Cisco WebEx Meetings Server versions 1.x
- Cisco WebEx Productivity Tools
- Cisco WebEx Social
- Cisco Wide Area Application Services (WAAS)
- Cisco Wide Area Application Services (WAAS) Express (IOS)
- Cisco Wide Area Application Services (WAAS) Mobile
- Cisco Wireless Control System (WCS)
- Cisco Wireless LAN Controller (WLC)
- CiscoWorks Network Compliance Manager
- CiscoWorks Wireless LAN Solution Engine (WLSE)
- Tandberg 770/880/990 MXP Series
Cisco hosted services NOT vulnerable to Heartbleed
- Cisco Cloud Web Security
- Cisco Meraki Dashboard
- Cisco Proactive Network Operations Center
- Cisco Smart Call Home
- Cisco Smart Care
- Cisco Smart Net Total Care (SNTC)
- Cisco Smart Services Capabilities
- Cisco Universal Small Cell CloudBase
- Cisco WebEx Event Center
- Cisco WebEx Meeting Center
- Cisco WebEx Support Center
- Cisco WebEx Training Center
- Cisco WebEx WebOffice
Cisco Products Requiring Testing for Heartbleed Vulnerability
- Cisco Virtual Security Gateway for VMware
You can see the list on the Cisco website here: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Hi Bob,
I saw your blog and asked my Cisco colleagues to confirm the status of the UC500. This is an end-of-life/end-of-support-maintenance device that runs Cisco IOS, and we have previously confirmed that Cisco IOS is not vulnerable to this bug. I also understand that the UC500 is in the queue to be added to the advisory. The sixth version of the advisory is due out soon.
Kind regards,
Nigel Glennie
Cisco Corporate Communications
Hi Nigel,
Many thanks for the update and clarification on the Heartbleed status of the UC500 series!
So just to clarify, Cisco IOS is in itself not vulnerable to Heartbleed – are the units confirmed as vulnerable running a different OS? (such as the older CatOS?)
Thanks
Bob
You’re going back a way – we’ve not released a version of CatOS for more than 6 years! To answer your direct question, the products identified as affected in the Security Advisory do not share a common OS. The vulnerability is specific to certain OpenSSL library versions and is independent of the OS.
Cheers,
Nigel.
Hi Nigel – showing my age! 😉
Thanks again for the updates – much appreciated.
Bob