Heartbleed and Vulnerabilities Discovered in Cisco UC Line

You can’t look anywhere these days without seeing news about Heartbleed – the new vulnerability discovered with OpenSSL 1.01/1.02. Vendors frantically started releasing security patches to fix affected applications, and Cisco was no exception. From the list of affected products, the following fall under UC domain:

Yup, pretty much 90% of affected products were Voice, Video and Conferencing related (click here to see the full list).

Our own vulnerability scanner discovered that Cisco Jabber Guest (EAP 7) is also vulnerable, so if you, like myself, are a member of the privileged Collaboration User Group and participate in Cisco Jabber Guest Beta trial, make sure that you minimize your risk exposure by controlling access to Jabber Guest server until the update/patch becomes available.

Stay tuned and keep safe!