Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

When will we see a Heartbleed fix?

thisisdave_
New Contributor
‎04-08-2014 06:40:AM
‎04-08-2014 06:40:AM

When will we see a Heartbleed fix?

Based on a heartbleed check tool looking at my org's SSL VPN sign-in page, it appears MAG devices running 8.0R3.0 are affected. I'm unsure about 7.4R8.0.

 

I'm shocked there isn't any mention on it in the Secuirty Advisories, nor other sections of the support portal.

 

I'm hopeful a patch is coming soon as I may wind up needing to unplug my MAG, adding insult to the injury of having to force all my VPN users to change their credentials.

0 Kudos
6 REPLIES 6
flip_pipe_
Frequent Contributor
‎04-08-2014 06:49:AM
‎04-08-2014 06:49:AM

Re: When will we see a Heartbleed fix?

 

Stewart in other thread says it is vulnerable and I also test and gave positive.

 

We also have SSLVPN from Checkpoint and those are not vulnerable.

0 Kudos
Jewels_
Contributor
‎04-08-2014 01:51:PM
‎04-08-2014 01:51:PM

Re: When will we see a Heartbleed fix?

The Juniper Networks Security Incident Response Team (SIRT) is aware of the vulnerability and working on fixes to address potential risks to some Juniper products. A Juniper Security Advisory will be published soon and updated as new details become available. We encourage our customers to contact JuniperÕs Customer Support Center for detailed advisories and product updates. We work with customers running vulnerable products very closely to ensure they take the appropriate steps we have identified and deploy any necessary updates or mitigations in a timely manner.

 

We will post news and bulletins here once they become available.

Thank you!

 

0 Kudos
Jewels_
Contributor
‎04-08-2014 06:45:PM
‎04-08-2014 06:45:PM

Re: When will we see a Heartbleed fix?

The Security Advisory is now posted here: http://kb.pulsesecure.net/JSA10623

Thanks!
Julie
0 Kudos
lyndidon_
Contributor
‎04-09-2014 11:30:AM
‎04-09-2014 11:30:AM

Re: When will we see a Heartbleed fix?

You may want to subscribe for updates. I was just creating a post to write up about it yesterday, and was about to make the same complaint, when I got the email update. I was up till late in the morning and saw it. As Jewells indicated, it is posted. I guess making a headline about it would just be asking for all hackers and malevolents out there to direct their attention to Juniper devices.

A new product security advisory has been released. This message contains the link to the new Juniper Security Advisory (JSA) that has been released.

 

JSA10623 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (CVE-2014-0160)

NOTE: A Security Advisory is a formal notice regarding critical and/or potentially service-affecting hardware and software security issues. The Security Advisory process allows the proactive communication of pertinent information to both customers and partners. Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team (Juniper SIRT) at [email protected]

0 Kudos
CaseyH_
Contributor
‎04-09-2014 12:18:PM
‎04-09-2014 12:18:PM

Re: When will we see a Heartbleed fix?

KB29004 is out there with the links to the new downloads.

 

Appears the fix has been released for a lot of affected products.

0 Kudos
nanustud_
New Contributor
‎04-10-2014 08:03:PM
‎04-10-2014 08:03:PM

Re: When will we see a Heartbleed fix?

When should we expect the new version for Virtual SA appliances (DTE,STE) tried upgrading our's to 7.4R9.2 but it failed.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.