Cisco FREAKs out, starts epic OpenSSL bug-splat
Happy weekend, network admins
Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas.
The Borg has been looking over its kit and software since the OpenSSL project disclosed a bunch of vulns in January, and on March 10 detailed the impacts it's discovered so far.
The list includes the notorious “FREAK” bug – CVE-2015-0204 – and Cisco's advisory contains an exhaustive list of products vulnerable, not vulnerable, and still under investigation.
Everything from switches to software, telepresence to firewalls, is on the long list. The company working through patches and fixes that it will provide at no charge to customers as they're ready.
Systems confirmed vulnerable include Webex servers, its OpenFlow agent, various AnyConnect clients, Jabber products including the SDK, network application acceleration modules, security appliances, network management, a handful of routing and switching products, blade servers in the unified computing range, 20 voice / unified communications products, 38 video systems, six hosted services, and one wireless LAN controller. ®