Heartbleed bug also affects Cisco, Juniper equipment

The Heartbleed bug, the major security vulnerability that allows sensitive data to be scraped from servers, also affects Cisco Systems and Juniper products, the networking gear giants announced Thursday.

A Cisco advisory issued Thursday listed 11 products and two services as vulnerable to the flaw, as well as more than 60 others considered "affected" as investigation of the flaw continue. Most of the products on the list relate to Cisco collaboration products such as IP telephones and communications servers. The messaging services deemed vulnerable -- Cisco's Registered Envelope Service (CRES) and Webex Messenger Service -- have already been patched, the company said.

A pair of Juniper advisories listed various products as vulnerable, including those based on Junos OS 13.3R1 and the Odyssey client 5.6r5 and later.

The Heartbleed bug, which was introduced into OpenSSL more than two years ago by a developer submitting code to fix bugs, allows random bits of memory to be retrieved from impacted servers.

Security researcher Bruce Schneier called the flaw "catastrophic." "On the scale of 1 to 10, this is an 11," he said, estimating that half a million Web sites were vulnerable.

Many Web sites have been quick to patch the flaw (see CNET's list here), but repairing hardware may be more difficult.

"It doesn't sound like a flip the switch sort of thing," Juniper spokesperson Corey Olfert told the Wall Street Journal. "I don't know how quickly they can be resolved."