Cisco Blogs


Cisco Blog > Security

T-7 Days to Improved Cisco IOS Security

The Cisco IOS Software Security Advisory Bundled Publication will go live in seven days and this time we will have an important update to the Cisco IOS Software Checker to go along with it.

As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0 Read More »

Tags: , , , , , ,

New Standards May Reduce Heartburn Caused by the Next Heartbleed

Ed Paradise, Vice President of Engineering for Cisco’s Threat Response, Intelligence and Development Group

Much has been made of the industry-wide Heartbleed vulnerability and its potential exploitation. Cisco was among the first companies to release a customer Security Advisory when the vulnerability became public, and is now one of many offering mitigation advice.

Those dealing with this issue on a day-to-day basis know it’s not enough to just patch the OpenSSL software library. Organizations also need to revoke and reissue digital certificates for their Heartbleed-vulnerable sites. If your certificates were stored in a Trust Anchor Module (TAM), they are still safe. Otherwise, a few additional steps should be taken to ensure you and your customers are secure:
Read More »

Tags: , , , , ,

Cisco, Linux Foundation, and OpenSSL

The recent OpenSSL Heartbleed vulnerability has shown that technology leaders must work together to secure the Internet’s critical infrastructure. That’s why Cisco is proud to be a founding supporter of the Linux Foundation initiative announced yesterday (April 24th).

The initiative will fund open source projects that are critical to core computing and Internet functions, and Cisco sees security technologies as a fundamental infrastructure component. The first project being considered for funding is OpenSSL. As a longtime contributor to open source and user, we’ve offered code and intellectual property to enhance OpenSSL. We’ve also provided patches and testing results to help address vulnerabilities. Today’s announcement takes that commitment a step further.

We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.

For more Cisco-specific information on the Heartbleed vulnerability, please visit our event response page and Security Advisory. You may also be interested in our April 23 webinar titled, Heartbleed: Assessing and Mitigating Your Risk.

Tags: , , , , , ,

Cisco Live 2014 San Francisco: Security Technology Track

Cisco Live, May 18-24, 2014, is quickly approaching and registration is open. This is the 25th anniversary of Cisco Live and we return to the Bay Area at San Francisco’s Moscone Center. Educational sessions are organized into technology tracks to make it easy to find the topics that most interest you. With network and data security being top of mind, I’d like to highlight the Security technology track’s exciting content lineup. Read More »

Tags: , , , , , , , , , , , , , , , , , ,

OpenSSL Heartbleed vulnerability CVE-2014-0160 – Cisco products and mitigations

*** UPDATED 15-April 2014  ***

By now, almost everyone has heard of the OpenSSL Heartbleed vulnerability with CVE id CVE-2014-0160. The vulnerability has to do with the implementation of the TLS heartbeat extension (RFC6520) and could allow secret key or private information leakage in TLS encrypted communications. For more detailed information, visit the VRT’s analysis.

Cisco maintains an Cisco Event Response Page with details and network mitigations about the vulnerability

Read More »

Tags: , , , ,