
OpenSSL Heartbleed Vulnerability discovered

Thursday, 10 April 2014


On April 7th, a serious security flaw was discovered in OpenSSL; the problem is being called “Heartbleed”. Some major companies have been affected by the flaw, including Google, AWS and Rackspace, which plan to release patches quickly to fix the issue. Any company that uses OpenSSL to terminate SSL connections could find itself facing issues with Heartbleed. In response to the growing news coverage, we have received statements from Peplink informing customers that its routing platforms aren’t affected by the Heartbleed OpenSSL flaw:

Peplink/Pepwave Statement:

“On April 7th, a serious security issue called "Heartbleed" in OpenSSL was made public. We have since reviewed our products and online services for the impact.

Peplink has verified and confirmed that all of our products are not affected by this vulnerability - including Balance, MAX, FusionHub, AP One/Pro, Surf, Device Connector families.

As for the online services, they are either unaffected or we have been able to apply mitigation to fully resolve the issue.

There is no customer action required on your part.

Thank you for your attention.

The Peplink Team”

3Gstore.com Statement:

We have run internal tests to check for the OpenSSL security vulnerability and passed the check. 3Gstore remains PCI Compliant and is unaffected by the security flaw! When you shop with 3Gstore you can ensure that your data is safe and you'll experience a smooth transaction and speedy delivery of equipment.

Cradlepoint Statement:

In response to the critical security vulnerability discovered in the OpenSSL cryptography software library (CVE-2014-0160), nicknamed “Heartbleed,” CradlePoint has taken steps to incorporate the OpenSSL version 1.0.1g into its latest firmware and Enterprise Cloud Manager. The purpose of this email is to inform you of the vulnerabilities and the steps necessary to remediate this issue.

If exploited, this vulnerability could allow attackers to monitor all information passed between a user and a web service or decrypt past traffic they’ve collected. More details can be found here: http://heartbleed.com.

Affected Products

CradlePoint recommends immediately upgrading products to the upcoming firmware versions (available 4/14/14) in order to mitigate this vulnerability. The following are affected products (with firmware versions 4.2.0 and later):

  • AER 2100

  • ARC MBR1400

  • MBR1400

  • MBR1200B

  • ARC CBA750B

  • CBA750B

  • COR IBR600

  • COR IBR650

  • CBR400

  • CBR450

  • MBR95

WAN INTERFACES

On WAN interfaces routers were only exposed to risk under the following conditions:

1) Remote access is enabled (setting disabled by default)

2) AND remote administration access control is not enabled (setting disabled by default).

 

LAN INTERFACES

On LAN interfaces routers were only exposed under the following conditions:

If the network allows Admin Access, which is the default for the Primary LAN. Guest LAN default settings do not allow Admin Access and are not exposed to this vulnerability. Admin Access can be checked using the Network Settings / WiFi / Local Networks tab, listed for each network in the “Access Control” section.

PLEASE NOTE: Product firmware is still affected by this bug and CradlePoint recommends firmware upgrades for all affected products.


Products Not Affected

  • CBA750 (prior version to CBA750B)

  • CTR35

  • CTR250

  • CTR350

  • CTR500

  • CX111 (Juniper)

  • MBR90

  • MBR800

  • MBR900

  • MBR1000

  • MBR1100

  • MBR1200 (prior version to CBA1200B)

  • PHS300

  • PHS2000W

Firmware Patch Available 4/14/2014

  • 5.1.1 – AER 2100, ARC MBR1400, MBR1400, MBR1200B, ARC CBA750B, CBA750B, COR IBR600, COR IBR650

  • 5.0.4 – MBR95

Download the latest firmware (new versions available 4/14/14).

Sierra Wireless Statement: 

This bulletin provides information about the impact of CVE-2014-0160 on AirLink gateways.

AirLink gateways running ALEOS are not affected by the issue described in CVE-2014-0160, known as 'Heartbleed'.

 

Update: You can use this website to check any server to see if it was impacted by Heartbleed - http://filippo.io/Heartbleed/




Last Updated ( Wednesday, 16 April 2014 )
 