Wavelink is aware of the vulnerability inside of OpenSSL and we are currently in the process of investigating it. We will update this document with further information as we have it. We appreciate your patience.
As updates are available, including any additional information about how this vulnerability affects Wavelink products and progress for any updates or patches, it will be added to this document.
.
What is this vulnerability?
There is a bug in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
From CVE: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug."
.
For more information, please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 and http://heartbleed.com/
.
How does this affect Wavelink?
Affected Product(s)
TE for Android | No, (See Reason) | While our product is not vulnerable, it is currently believed that Android versions 4.1.x are vulnerable to Heartbleed. Customers impacted should be directed to contact device manufacturers for an OS update. |
Connect Pro | Yes, only newer versions that were not available on the web site | Only newer versions that are not generally available on the web site are vulnerable:
Version 4.5.004 uses OpenSSL 1.0.1e. “OpenSSL 1.0.1 to 1.0.1f are affected.” - This version was not generally released.
Version 4.5.003 uses OpenSSL 1.0.1c. “OpenSSL 1.0.1 to 1.0.1f are affected.” - This version was not generally released.
All prior versions have older versions of OpenSSL and are not affected. Current released versions on the web site do not have the vulnerability. |
Velocity for Android | No, (See Reason) | While our product is not vulnerable, it is currently believed that Android versions 4.1.x are vulnerable to Heartbleed. Customers impacted should be directed to contact device manufacturers for an OS update. |
Non-Affected Product(s)
Wavelink Avalanche and Avalanche on Demand (AOD)
Wavelink TE Windows
Wavelink TE Ce
Wavelink TE IOS
Wavelink Emulation License Server
Wavelink Enablers CE & Windows
Wavelink Velocity CE
Wavelink Studio Server
Wavelink Studio (Client Side)
Wavelink Remote Control
Wavelink Speakeasy