The Heartbleed bug is affecting routers, too

http://o.aolcdn.com/hss/storage/midas/cb8c3ebee72ec4bd2d98056056a2309a/200022610/bleeding-router.jpg

The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Juniper detailed a long list in two advisories, one here and the other here. Cisco acted in similar fashion with its advisory.

“Expect a product by product advisory about vulnerabilities,” says Cisco spokesman Nigel Glennie, explaining that Cisco engineers are evaluating which Cisco products use the flawed versions of OpenSSL that may need a patch though not all necessarily will. That’s because Cisco believes it’s a specific feature in OpenSSL that is at the heart of the Heartbleed vulnerability and that it’s not always turned on in products.

Tags: