"Heartbleed" Threatens Videoconferencing Systems

DEKOM Security Bulletin 04-2014

Cisco, Lifesize, Polycom logos
10.06.2014 -

A very serious security vulnerability has been discovered on April 7, 2014: The "Heartbleed Bug" is associated with the open-source secure communications library known as OpenSSL, and could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys. For a detailed but clear explanation of the way "Heartbleed" works, please watch the following video: http://vimeo.com/91425662

The affected OpenSSL versions 1.0.1 through 1.0.1f are used in a wide range of products from many vendors. Several videoconferencing devices and clients are amongst them: Cisco confirmed a large part of their TelePresence and WebEx products as vulnerable, Polycom ascertained vulnerability for their HDX, RealPresence Group and Collaboration Server Series.

Do not leave it to chance: contact us, if you are using an affected system, or if you are concerned about this vulnerability within your deployment. We can provide you with the most current information on new fixes, updates, patches and workarounds. Contact us now – we look forward to hearing from you!