Heartbleed bug also affects Cisco, Juniper equipment

The major security vulnerability affects networking equipment used to connect to the Web, the companies warn.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil


The Heartbleed bug, the major security vulnerability that allows sensitive data to be scraped from servers, also affects Cisco Systems and Juniper products, the networking gear giants announced Thursday.

A Cisco advisory issued Thursday listed 11 products and two services as vulnerable to the flaw, as well as more than 60 others considered "affected" as investigation of the flaw continue. Most of the products on the list relate to Cisco collaboration products such as IP telephones and communications servers. The messaging services deemed vulnerable -- Cisco's Registered Envelope Service (CRES) and Webex Messenger Service -- have already been patched, the company said.

A pair of Juniper advisories listed various products as vulnerable, including those based on Junos OS 13.3R1 and the Odyssey client 5.6r5 and later.

The Heartbleed bug, which was introduced into OpenSSL more than two years ago by a developer submitting code to fix bugs, allows random bits of memory to be retrieved from impacted servers.

Security researcher Bruce Schneier called the flaw "catastrophic." "On the scale of 1 to 10, this is an 11," he said, estimating that half a million Web sites were vulnerable.

Many Web sites have been quick to patch the flaw (see CNET's list here), but repairing hardware may be more difficult.

"It doesn't sound like a flip the switch sort of thing," Juniper spokesperson Corey Olfert told the Wall Street Journal. "I don't know how quickly they can be resolved."