SECURITY ALERT: OpenSSL Vulnerability - Update Cisco AnyConnect
DATE: July 1, 2014
WHO DOES THIS AFFECT:
Individuals using Cisco AnyConnect Secure Mobility Client to connect to Virtual Private Networks (VPNs) should update to the latest version.
A version of OpenSSL used by Cisco’s AnyConnect is affected by one or more security vulnerabilities. These vulnerabilities may allow attackers to collect information such as encryption keys, session cookies, credit card numbers, passwords, and social security numbers.
WHAT YOU NEED TO DO:
- AUTOMATIC UPDATE INFORMATION - After July 2, 2014, no action is required as automatic updates will begin once you connect to the CMU campus network via VPN. You will be prompted if an automatic update is available to download. The application may restart when completed.
- MOBILE DEVICES - Update to the latest version of AnyConnect from the appropriate app store (e.g. Apple’s App Store, Google Play).
- WINDOWS, MAC, and LINUX (Full Download) - Download the latest version of AnyConnect from http://www.cmu.edu/computing/software/all/cisco-anyconnect/.
For VPN settings and general instructions, visit http://www.cmu.edu/computing/network/vpn/
Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or firstname.lastname@example.org) or to your departmental IT staff or DSP consultant.