Risk Management

Heartbleed Bug Found in Corporate Networking Gear

Cisco Systems and Juniper Networks have issued customer alerts saying that some of their routers and switches contain the OpenSSL security flaw.
Vincent RyanApril 10, 2014

The encryption bug Heartbleed is no longer just a software problem. Networking equipment manufacturers Cisco Systems and Juniper Networks said late Thursday that some of their routing and switching products contain the security flaw, according to The Wall Street Journal. The products include routers, switches and firewalls that are used in corporate and home networks.

By exploiting the flaw, hackers could capture usernames, passwords and other sensitive information as it travels across a network.

Cisco Systems alerted customers with a bulletin on Thursday that said 11 products were already confirmed vulnerable and another 66 under investigation, the Journal reported. While Cisco writes a software patch, it is offering customers software that would detect a hacker attack that exploits the vulnerability.

A Better Way to Do Ecommerce

A Better Way to Do Ecommerce

Learn how Precision Medical leveraged OneWorld to cut the cost of billing in half and added $2.5M in annual revenue.

Juniper Networks, meanwhile, told the Journal that updating its equipment to fix the bug could be lengthy and it doesn’t involve just “flipping a switch.” The company issued a statement: “The Juniper Networks Security Incident Response Team (SIRT) is aware of the OpenSSL vulnerability impacting the industry and is working round the clock on fixes to address potential risks to some Juniper products.”

Both companies said customers should expect continual updates to their product advisories.

The bug involves a version of OpenSSL, the open-source browser-encryption standard used by perhaps two-thirds of Internet servers. It’s being called Heartbleed because the bug resides in OpenSSL’s so-called “heartbeat” extension that’s designed to let a secure connection stay open for long periods of time.