Support
Community

mick · ‎04-10-2014

Hi,

Should I be replacing my VPN SSL certificates as well as the device passwords immediately, or should I wait for a new firmware to come out first?

Regards,

Mick

Anonymous · ‎04-10-2014

Hi mick:

I conducted testing today and found no AOS-based products to be vulnerable to Heartbleed. I tested a few NetVanta switch and router products across a few R10+ and pre-R10 software versions without any vulnerability detected. Perhaps ADTRAN will provide an official statement, but my own anecdotal testing turns up negative for AOS. At least one other ADTRAN product is known to be vulnerable.

This does not mean that web servers behind an AOS firewall are safe. If you have port-forwarding to an HTTPS server running a version of OpenSSL that is vulnerable, then that server needs to be patched. The port-forwarding could be removed to block traffic as a short-term way to mitigate risk.

Best,

CJ

mick · ‎04-11-2014

Thanks CJ,

I also tested the 3120 using an online tester on ports 500 and 4500, but I am still not sure if it will leak its memory during a VPN session that uses certificates.

Regards,

Mick

Anonymous · ‎04-15-2014

:

You can find out more information in regards to ADTRAN products affected by heartbleed through the recent ADTRAN Heartbleed Advisory.

General security advisories are also posted on our support community in the Security Advisories section.

Levi

mick · ‎04-15-2014

Thanks Levi, I saw the advisory when it went out. I replaced the SSL certificates on the Netvanta and clients anyway, to be on safe side.

Support
Community

Heartbleed bug and Netvanta 3120

VPN

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

SupportCommunity

Heartbleed bug and Netvanta 3120

VPN

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

Re: Heartbleed bug and Netvanta 3120

Support
Community