On 4/12/2014 8:55 PM, Harry Hoffman wrote: > Didn't Cisco already release a bunch of updates related to Anyconnect and > heartbleed?
There were AnyConnect for iOS (little "i", not big "I") issues with heartbleed, but everything else has been mostly phone and UCS related. IOS XE is affected if you have enabled https:// administrative interface. Otherwise no (at least not yet, they're still checking). There were, however, four separate security issues released this week that affected SSL VPN, AnyConnect, and ASAs (I had to patch our ASAs even though we do not do SSL VPN or AnyConnect, there is a DoS attack possible via SIP).
signature.asc
Description: OpenPGP digital signature