[pardon the cross-posting]
I just noticed that while the VPN concentrators themselves are not
affected by the bug, the pertinent Cisco notification points out that
the AnyConnect Secure Mobility Client for iOS and 79xx, 89xx, and 99xx
series IP phones are.
As of this writing, there's no update for the AnyConnect iOS client in
the Apple App Store.
Sam Hooker | [log in to unmask]
Information Security Engineer
Enterprise Technology Services
The University of Vermont
On 20140409, 09:01 , Sam Hooker wrote:
> Hi Rich,
> The VPN concentrators serving sslvpn.uvm.edu have been verified as safe
> from this vulnerability. As for "general advice", please see my message
> to SECURITY as forwarded by Nick Gingrow ("FW: [SECURITY] serious flaw
> in OpenSSL 1.0.1 (CVE-2014-0160/"Heartbleed")").
> Let us know if you have further questions or suggestions.
> Sam Hooker | [log in to unmask]
> Information Security Engineer
> Enterprise Technology Services
> The University of Vermont
> On 20140409, 08:53 , Rich Downing wrote:
>> Does UVM's information security personnel have any 'official' advice on
>> dealing with the OpenSSL 'Heartbleed' security bug? Should use of Cisco
>> AnyConnect be continued?