Radware investigated and can report that:
- The following products are not vulnerable to CVE-2014-0160: products that do not use the vulnerable OpenSSL versions for any purpose (SSL offloading or management) and in any product platform or version.
  - Alteon Application Switch
  - APSolute Vision
  - APSolute Insite ManagePro
  - SIP Director

- Junos OS 13.3R1
- Odyssey client 5.6r5 and later
- SSL VPN (IVEOS) 7.4r1 and later, and SSL VPN (IVEOS) 8.0r1 and later (Fixed code is listed in the "Solution" section)
- UAC 4.4r1 and later, and UAC 5.0r1 and later (Fixed code is listed in the "Solution" section)
- Junos Pulse (Desktop) 5.0r1 and later, and Junos Pulse (Desktop) 4.0r5 and later
- Network Connect (Windows only) version 7.4R5 to 7.4R9.1 and 8.0R1 to 8.0R3.1. (This client is only impacted when used in FIPS mode.)
- Junos Pulse (Mobile) on Android version 4.2R1 and higher.
- Junos Pulse (Mobile) on iOS version 4.2R1 and higher. (This client is only impacted when used in FIPS mode.)
Several Websense products at version 7.7.3 or later use the vulnerable OpenSSL libraries. The tables below show specific impacts and workarounds.
FortiGate (FortiOS) 5.x
FortiADC D-Series models 1500D, 2000D and 4000D
FortiADC E-Series 3.x
Coyote Point Equalizer GX / LX 10.x
F5 Product Development has assigned ID 456033 (BIG-IP) to this vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
| Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
|---|---|---|
| 11.5.0 - 11.5.1 | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | Configuration utility, Compat SSL ciphers |
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.
To mitigate this vulnerability, you should consider the following recommendations:
- Limit the Configuration utility access to a trusted management network.
- Use only Native SSL stack ciphers. Do not use ciphers from the Compat SSL stack. For information about the Native and Compat ciphers, refer to SOL13163: SSL ciphers supported on BIG-IP platforms (11.x).
- Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers do not protect those back-end resources. When possible, you should protect back-end resources by using SSL profiles to terminate SSL at the BIG-IP.