OpenSSL Heartbleed Vulnerability
The Heartbleed bug is a vulnerability in a popular open-source implementation of the SSL/TLS protocol, called OpenSSL. It may allow unauthenticated remote attackers on the Internet to read the memory of connected systems which use vulnerable versions of the OpenSSL library, which may compromise high value assets such as secret keys used to encrypt and decrypt private information. This could allow attackers, armed with these secret keys, to impersonate users and services, steal information or eavesdrop on communications.
This vulnerability is limited to specific versions of the OpenSSL library, that were made available after the bug was introduced in December 2011. The bug is known as CVE-2014-0160.
Mitel is currently investigating its product portfolio to determine vulnerability on this issue. This advisory will be updated on a regular basis, while we complete the investigation on the product portfolio. The current status of the portfolio is as follows:
Products Not Vulnerable
The following products are confirmed to be not vulnerable: