Earlier this year a particular vulnerability was discovered in the OpenSSL cryptography library, a commonly-used implementation of the Transport Layer Security (TLS) protocol.
Dubbed “Heartbleed”, this vulnerability has serious implications for data security, by allowing would-be attackers to extract possibly sensitive information from active memory, albeit in small 64kilobyte chunks.
Many systems and IP devices include software applications that utilise OpenSSL. Therefore, this vulnerability extends to IP-based PBX systems and servers, whereby the information ‘bled’ from the system may include such things as password information or authentication data.
It has been determined that this vulnerability exists only on specific versions of OpenSSL (between V1.01 and 1.01f).
Earlier and later versions are not affected
The attached Technical Information document from Panasonic describes the OpenSSL versions used in a range of PBX and related equipment and indicates whether or not this equipment is at risk. You will see from the list that none of this equipment is affected, since for the most part, the OpenSSL versions used are not in the identified range, or where they have been used, there is no effect for the equipment
If you have any queries in relation to this matter, please contact the IT&T Support Team on 4228 9555.
Kind regards,
IT&T Support Team
Panasonic Technical Information
0