Heartbleed Bug: Cisco And Juniper Networking Products Found To Be Affected By OpenSSL Security Flaw

@lukeydukey l.villapaz@ibtimes.com
on April 11 2014 10:43 AM
Heartbleed's apparent reach has spread to networking products developed by companies such as Cisco and Juniper Networks. Illustration/IBTimes/Luke Villapaz

The Heartbleed bug's reach continued to expand as two prominent networking companies said that some of their products were affected by the widespread security flaw.

Cisco Systems Inc. (Nasdaq:CSCO) and Juniper Networks Inc. (NYSE:JNPR) announced on Thursday that a number of their networking products shipped with the Heartbleed-affected version of OpenSSL, the open-source implementation of the Secure Sockets Layer (SSL) protocol that secures and encrypts online communications.

Major websites such as Netflix (Nasdaq:NFLX), Amazon.com Inc. (Nasdaq:AMZN) and Google Inc. (Nasdaq:GOOG) were quick to patch the Heartbleed bug. However, fixing the Heartbleed bug present in Cisco and Juniper products may be more problematic, since the flaw affects numerous firewalls, routers, switches, networking equipment and software used by businesses of all sizes.

In a security bulletin published by Cisco, the company said, “Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.”

According to the same bulletin, 16 Cisco products have been confirmed to be affected by the vulnerability and more than 60 products are currently being investigated for the Heartbleed bug.

Juniper Networks has also published its own bulletins, detailing the extent of products affected by the Heartbleed bug and potential workarounds to mitigate the problems caused by the security flaw.

Both companies have been actively working to develop and distribute patches in the meantime.

Unfortunately for Web users, little can be done on their end to fix the problems caused by the Heartbleed bug, which has affected a number of Web servers, virtual private networks (VPNs) and other devices.

The bulk of the patching work will ultimately need to be done by the increasing number of companies and vendors whose products were affected by the Heartbleed bug, which was present in OpenSSL software for two years before it was discovered.
