Allied Telesis Support Portal

Heartbleed Vulnerability

Are any of your devices affected by the Heartbleed vulnerability?

A flaw in some versions of OpenSSL was recently found. The vulnerability, known as “Heartbleed”, could potentially allow cyber-attackers to access a website's customer data along with traffic encryption keys. This only affects some of our products that are configured to use the HTTPS protocol. If a malicious user was able to access the switch by HTTPS, or to attempt network access via Web Authentication on the switch, then they could access information stored in the switch's memory. However, the information accessed would be specific to the operation of the switch, and not related to other users' data being hardware forwarded through the switch.
The Allied Telesis product lines that may be affected by this OpenSSL Heartbleed issue are:
-L3 Switch Products (AT-SBxSeries, AT-xSeries)
  Vulnerable from version 5.4.4-0.1 (Feb 2014)
  Fixed in release 5.4.4-0.4 onwards
-AT-9000 Series
  Vulnerable from version (Apr 2013)
  Fixed in release onwards
-AT-8100 Series
  Vulnerable from version (Jan 2014)
  Fixed in release onwards
-AT-FS970M Series
  Vulnerable from version (Jan 2014)
  Fixed in release onwards
The following products are not vulnerable.
-Other managed switches (including the AT-DC2552XS)
-Wireless products (TQ series, and Unified Wireless Controller)
-AR Router Products (AT-AR Series)
-Network management products (AlliedView series)
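
The version range and HTTPS / Web Authentication condition given above for the L3 switch products can be applied to a device inventory as follows. This is an added example, not Allied Telesis code: the family labels, the inventory layout and the assumption that firmware versions always have the `5.4.4-0.1` shape are hypothetical, and the other affected families are reported as unknown because no version numbers are given for them here.

```python
import re

# Bounds quoted in the advisory for L3 switch products (AT-SBxSeries, AT-xSeries).
FIRST_VULNERABLE = (5, 4, 4, 0, 1)   # 5.4.4-0.1
FIRST_FIXED = (5, 4, 4, 0, 4)        # 5.4.4-0.4

# Hypothetical inventory labels; the advisory text gives no version numbers
# for these three affected families, so they cannot be range-checked here.
RANGE_KNOWN = {"L3"}
RANGE_NOT_STATED = {"AT-9000", "AT-8100", "AT-FS970M"}


def parse_version(text):
    """'5.4.4-0.1' -> (5, 4, 4, 0, 1); None if the string has another shape."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*-\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in re.split(r"[.-]", text))


def triage(family, version, https_enabled, web_auth_enabled):
    """Classify one device against the advisory's version range and exposure."""
    if family in RANGE_NOT_STATED:
        return "unknown"                 # affected family, range not on the page
    if family not in RANGE_KNOWN:
        return "not-listed"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"                 # never guess from an unparsable string
    if parsed >= FIRST_FIXED:            # numeric compare: 0.10 is newer than 0.4
        return "fixed"
    if parsed < FIRST_VULNERABLE:
        return "pre-vulnerable"
    # In range: the advisory names HTTPS and Web Authentication as entry points.
    if https_enabled or web_auth_enabled:
        return "vulnerable"
    return "vulnerable-no-https"         # in range, neither entry point enabled


# Constructed sample inventory: (name, family, version, https, web_auth)
INVENTORY = [
    ("core-1", "L3", "5.4.4-0.1", True, False),
    ("core-2", "L3", "5.4.4-0.10", True, True),
    ("dist-1", "L3", "5.4.4-0.3", False, False),
    ("edge-1", "AT-9000", "unrecorded", True, False),
]

if __name__ == "__main__":
    for name, family, version, https, web_auth in INVENTORY:
        print(f"{name:8} {version:12} {triage(family, version, https, web_auth)}")
```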