Campus Networks

Jeff Sejourne

Brocade Products and Website NOT Affected by Heartbleed Vulnerability

by Jeff Sejourne on ‎04-16-2014 12:52 PM - last edited on ‎10-23-2014 03:30 PM by Community Manager (4,321 Views)

 

Since early last Wednesday, the web and media have been abuzz over a new security vulnerability they have named the Heartbleed bug. Heartbleed is a security vulnerability inOpenSSL, an open-source protocol primarily used to encrypt web communications but also used by IT personnel for connecting securely to network devices and servers for administrative purposes. After thorough investigation, our engineering teams have concluded that neither our products nor website are affected by the Heartbleed bug. 


Brocade product offering including SAN products running FOS or M-EOS software, IP products running ServerIron, FastIron, NetIron, BigIron RX and Brocade Network Advisor, DCFM, Vyatta and vADX software are not exposed to the vulnerability highlighted by the attack. These products do not make use of the code that is the vector for the attack and hence are not exposed to it.

For additional information, please refer to Brocade Technical Support Bulletin TSB 2014-185-A uploaded on Brocade.com for your convenience.

Comments
by Community Manager on ‎04-17-2014 10:33 AM

Great information Geoffrey and thanks for sharing!

by andrew.c.hadenfeldt on ‎04-17-2014 12:26 PM

What about cases where SSL/TLS isn't terminated on the ADX? F5 has scripts that can protect sites like this until they can be patched--is there anything like that on the ADX?

 

(Yes, I understand the downside to this type of SSL config--not looking to debate that here.)