ESA-2014-033: Security Update for OpenSSL Heartbleed Vulnerability in RSA NetWitness and RSA Security Analytics
Tags: RSA NetWitness Platform, Security Advisories
Advisory Type
Security
Advisory Content
EMC Identifier: ESA-2014-033
CVE Identifier: CVE-2014-0160
Severity Rating: CVSS v2 Base Score: Refer to NVD (http://nvd.nist.gov/) for the CVSS score
Affected Products:
RSA Security Analytics Windows Legacy Collector < v10.3.3
RSA Security Analytics v10.2.x
RSA Security Analytics v10.1.x
RSA Security Analytics v10.0.x
RSA NetWitness v9.8.x
Summary:
The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, RSA immediately initiated a review of RSA products to assess any potential impact and determined that RSA Security Analytics v10.0, v10.1, v10.2, the v10.3 Windows Legacy Collector and RSA NetWitness v9.8.x were impacted.
Details:
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets. This improper handling of packets may allow remote attackers to obtain sensitive information from process memory using crafted packets that trigger a buffer over-read.
More information on this vulnerability can be found at:
- Original Disclosure: http://heartbleed.com
- US Cert: http://www.kb.cert.org/vuls/id/720951
- NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160&cid=2
- OpenSSL Advisory: https://www.openssl.org/news/secadv_20140407.txt
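The defect described above is a missing bounds check: the Heartbeat message carries its own payload length, and the vulnerable OpenSSL code copied that many bytes into the response without confirming they were actually present in the received record. The following is an added illustration, not OpenSSL code and not part of the RSA advisory, of a heartbeat parser that validates the declared length against the record length before touching the payload. The record layout (1-byte type, 2-byte big-endian payload length, payload, at least 16 bytes of padding) follows RFC 6520; the sample records and the helper names (heartbeat_parse, heartbeat_build_response, example_*) are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER_LEN  3   /* 1 byte type + 2 byte big-endian payload length */
#define HB_PADDING_MIN 16  /* RFC 6520: at least 16 bytes of padding follow the payload */
#define HB_REQUEST     1
#define HB_RESPONSE    2

/* A parsed heartbeat message; `payload` points into the caller's record buffer. */
typedef struct {
    uint8_t type;
    uint16_t payload_len;
    const uint8_t *payload;
} heartbeat_t;

/*
 * Parse one heartbeat message of `record_len` bytes.
 * Returns 1 on success, 0 if the message is malformed.
 *
 * The declared payload length is peer-controlled. It must be checked against
 * the bytes actually received BEFORE any payload byte is read; trusting it,
 * as the unpatched code did, lets a response copy process memory that lies
 * beyond the end of the record.
 */
int heartbeat_parse(const uint8_t *record, size_t record_len, heartbeat_t *out)
{
    if (record == NULL || out == NULL || record_len < HB_HEADER_LEN)
        return 0;
    uint16_t declared = (uint16_t)(((uint16_t)record[1] << 8) | record[2]);
    /* Header + declared payload + minimum padding must fit inside the record. */
    if ((size_t)HB_HEADER_LEN + declared + HB_PADDING_MIN > record_len)
        return 0;
    out->type = record[0];
    out->payload_len = declared;
    out->payload = record + HB_HEADER_LEN;
    return 1;
}

/* Build the echo response from a validated request; returns bytes written, or 0. */
size_t heartbeat_build_response(const heartbeat_t *req, uint8_t *resp, size_t resp_cap)
{
    size_t need = HB_HEADER_LEN + (size_t)req->payload_len + HB_PADDING_MIN;
    if (req->type != HB_REQUEST || resp_cap < need)
        return 0;
    resp[0] = HB_RESPONSE;
    resp[1] = (uint8_t)(req->payload_len >> 8);
    resp[2] = (uint8_t)(req->payload_len & 0xff);
    /* Only the validated number of bytes is copied out of the request. */
    memcpy(resp + HB_HEADER_LEN, req->payload, req->payload_len);
    /* Padding is zeroed here; a real implementation fills it with random bytes. */
    memset(resp + HB_HEADER_LEN + req->payload_len, 0, HB_PADDING_MIN);
    return need;
}

/* Constructed sample record: 5-byte payload "hello" with a matching length field. */
static int example_wellformed(void)
{
    uint8_t rec[HB_HEADER_LEN + 5 + HB_PADDING_MIN] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    heartbeat_t hb;
    if (!heartbeat_parse(rec, sizeof rec, &hb))
        return -1;
    uint8_t resp[64];
    return (int)heartbeat_build_response(&hb, resp, sizeof resp); /* 3 + 5 + 16 = 24 */
}

/* Constructed sample record: same 5-byte payload, but the header claims 0xFFFF bytes. */
static int example_oversized(void)
{
    uint8_t rec[HB_HEADER_LEN + 5 + HB_PADDING_MIN] = { HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o' };
    heartbeat_t hb;
    return heartbeat_parse(rec, sizeof rec, &hb); /* rejected: 0 */
}

/* Constructed sample record: fewer bytes than the fixed header itself. */
static int example_truncated(void)
{
    uint8_t rec[2] = { HB_REQUEST, 0x00 };
    heartbeat_t hb;
    return heartbeat_parse(rec, sizeof rec, &hb); /* rejected: 0 */
}

int main(void)
{
    printf("well-formed record -> response bytes: %d\n", example_wellformed());
    printf("oversized length field accepted?      %d\n", example_oversized());
    printf("truncated record accepted?            %d\n", example_truncated());
    return 0;
}
```

The single comparison in heartbeat_parse is the whole fix: once the declared length has been proven to fit within the received record, every later read of the payload is within bounds, and an oversized length field is simply dropped instead of answered.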
Recommendation:
RSA strongly recommends that customers upgrade to versions listed below that contain the resolution to this issue.
- RSA NetWitness 9.8.5.19
- RSA Security Analytics 10.2.4
- RSA Security Analytics 10.3.3
If customers are not able to upgrade, the following best practices are recommended to help minimize risk:
- Systems should be placed on an isolated management network with no access to regular and external network traffic.
- Access to devices should be limited to only client systems requiring access (i.e., analyst and administrative workstations).
After upgrade, it is strongly recommended to:
- renew certificates
- revoke old certificates
- change passwords for user and system accounts
If running 10.0 or 10.1, please upgrade to 10.2.4 or contact Support to receive further instructions.
For reference to versions not listed, please refer to the RSA KB article found at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx#a65004 to determine current status. This advisory will be updated when additional resolutions are made available for other affected versions.