I conducted testing today and found no AOS-based products to be vulnerable to Heartbleed. I tested a few NetVanta switch and router products across a few R10+ and pre-R10 software versions without any vulnerability detected. Perhaps ADTRAN will provide an official statement, but my own anecdotal testing turns up negative for AOS. At least one other ADTRAN product is known to be vulnerable.
This does not mean that web servers behind an AOS firewall are safe. If you have port-forwarding to an HTTPS server running a version of OpenSSL that is vulnerable, then that server needs to be patched. The port-forwarding could be removed to block traffic as a short-term way to mitigate risk.
I also tested the 3120 using an online tester on ports 500 and 4500, but I am still not sure if it will leak its memory during a VPN session that uses certificates.
Thanks Levi, I saw the advisory when it went out. I replaced the SSL certificates on the NetVanta and clients anyway, to be on the safe side.