Are any of your devices affected by the Heartbleed vulnerability?
A flaw in some versions of OpenSSL was recently found. The vulnerability, known as “Heartbleed”, could potentially allow cyber-attackers to access a website customer data along with traffic encryption keys. This only affects some of our products that are configured to use the HTTPS protocol. If a malicious user was able access the switch by HTTPS, or attempt network access via Web Authentication on the switch, then they could access information stored in the switch's memory. However, the information accessed would be specific to the operation of the switch, and not related to other users' data being hardware forwarded through the switch.
The Allied-Telesis product lines that may be affected by this Open SSL heart bleed issues are:
L3 Switch Products (AT-SBxSeries, AT-xSeries)
Vulnerable from version 5.4.4-0.1 (Feb 2014)
Fixed in release 5.4.4-0.4 onwards
Vulnerable from version 126.96.36.199 (Apr 2013)
Fixed in release 188.8.131.52 onwards
Vulnerable from version 184.108.40.206 (Jan 2014)
Fixed in release 220.127.116.11 onwards
Vulnerable from version 18.104.22.168 (Jan 2014)
Fixed in release 22.214.171.124 onwards
The following products are not vulnerable.
-Other managed switches (including the AT-DC2552XS)
-Wireless products (TQ series, and Unified Wireless Controller)
-AR Router Products (AT-AR Series)
-Network management products (AlliedView series)