Skip to main content Skip to search
Start Your Free Trial
Blog

A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed)

A10 Blog / Cyber Security / A10 Products Not Vulnerable to OpenSSL CVE-2014-0160 (Heartbleed)
A10 PSIRT Team
A10 PSIRT Team
|
April 9, 2014

On April 7th, the OpenSSL Project issued a security advisory for a TLS heartbeat read overrun vulnerability. This vulnerability allows attackers to access the memory of web servers and potentially access confidential data.

A number of customers have contacted A10, understandably worried that their A10 products are susceptible to the SSL vulnerability. We can confirm that A10 Thunder Series and AX Series products are not vulnerable.

This exploit was introduced with the implementation of RFC 6520 on more recent versions of OpenSSL. The affected versions of OpenSSL are as follows:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

A10 Thunder, AX, ID, and EX Series hardware appliances and vThunder virtual appliances (including AWS AMI versions) do not include vulnerable versions of OpenSSL and are therefore NOT impacted by this vulnerability.

For more information about the vulnerability, please visit:

https://heartbleed.com/

Share this post:

Share on LinkedIn
Categories:
Cyber Security
Previous Post
Next Post
A10 PSIRT Team
A10 PSIRT Team
|
April 9, 2014

The A10 SERT Team is A10 Networks' Security Engineering Research Team. Read More

Seeing is believing.
Schedule a live demo today.

Get a Product Demo

Related Resources

  1. Systems Strike Ukraine with Amplification and DrDoS Attacks
  2. What is the Log4j CVE?
  3. Why are Government Agencies So Vulnerable to Hacking?