Cisco experts dish on 'Heartbleed' IP security vulnerability

April 28, 2014
The company has also issued an official, downloadable Security Advisory bulletin.

In the following YouTube video, posted April 25, IP security experts Craig Williams and Jaeson Schultz of Cisco discuss the Heartbleed online security vulnerability and developments in handling the bug since its public disclosure two weeks ago. Cisco has also issued an official, downloadable Security Advisory bulletin titled "OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products."

"Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension," summarizes the advisory note.


The note continues, "An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords."

Among the affected products and services which have had their exposure to the Heartbleed vulnerability confirmed are the Cisco Video Surveillance 3000/4000/6000/7000 Series IP cameras; its 4300E/4500E High-Definition IP cameras; and its PTZ IP cameras. A full -- and extensive -- list of affected and potentially affected products and services is available in the Security Advisory bulletin.


About the Author

Matt Vincent | Senior Editor

Matt Vincent is a B2B technology journalist, editor and content producer with over 15 years of experience, specializing in the full range of media content production and management, as well as SEO and social media engagement best practices, for both Cabling Installation & Maintenance magazine and its website CablingInstall.com. He currently provides trade show, company, executive and field technology trend coverage for the ICT structured cabling, telecommunications networking, data center, IP physical security, and professional AV vertical market segments.
