This afternoon, engineers at Cisco took to the company’s advisory alert board to post information regarding more devices that could be affected by the Heartbleed bug, including a detailed list as to exactly which network hubs, switches, and unified communication hubs have been made vulnerable as a result of the leak in OpenSSL code.
For those out of the know, unified communications are a digital, ubiquitous, and often cloud-based technology that are set on replacing traditional PBX systems for business phone directory management in the next several years.
The adoption rate by most companies has been fairly slow, so the impact radius of this announcement isn’t nearly as bad as it could have been, and doesn’t effect the majority of home consumer products or customers from what we can tell thus far.
“Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server,” the networking giant explains. Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact on the affected product. This advisory will be updated as additional information becomes available.”
Out of the 30-some odd named pieces of equipment vulnerable, two products; the Cisco Registered Envelope Service and Cisco Webex Messenger Service, have already been patched up and cleaned out by the network backbone manufacturing giant.
Juniper also had a chance to chime in regarding the security of their products in the wake of Heartbleed, however unlike Cisco, they were intentionally vague about how many devices under their umbrella might carry a risk at this time.
Just in case you’re someone who uses these types of systems at work, or have an application installed on your phone that connects to one of them at the office, you can read over the full list of affected devices and services here.