Carnegie Mellon University Website Home Page
 

SECURITY ALERT: OpenSSL Vulnerability - Update Cisco AnyConnect

DATE: July 1, 2014

WHO DOES THIS AFFECT:

Individuals using Cisco AnyConnect Secure Mobility Client to connect to Virtual Private Networks (VPNs) should update to the latest version.

SUMMARY:

A version of OpenSSL used by Cisco’s AnyConnect is affected by one or more security vulnerabilities. These vulnerabilities may allow attackers to collect information such as encryption keys, session cookies, credit card numbers, passwords, and social security numbers.

WHAT YOU NEED TO DO:

  • AUTOMATIC UPDATE INFORMATION - After July 2, 2014, no action is required as automatic updates will begin once you connect to the CMU campus network via VPN. You will be prompted if an automatic update is available to download. The application may restart when completed.
  • MOBILE DEVICES - Update to the latest version of AnyConnect from the appropriate app store (e.g. Apple’s App Store, Google Play).
  • WINDOWS, MAC, and LINUX (Full Download) - Download the latest version of AnyConnect from http://www.cmu.edu/computing/software/all/cisco-anyconnect/.

For VPN settings and general instructions, visit http://www.cmu.edu/computing/network/vpn/

MORE INFORMATION:


CONTACT:


Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental IT staff or DSP consultant.