In the last few weeks, we have had a number of questions regarding the new vulnerability nicknamed “POODLE” (CVE-2014-3566). As with every vulnerability, we review each one carefully to determine the impact to our devices and services, and we try to make a recommendation to our customers on the anticipated impact of these vulnerabilities. In these last weeks, we have conducted a risk analysis of this new vulnerability, and we are testing all of our devices for it. Since this new vulnerability is coming down on the heels of Heartbleed and Shellshock, I am anticipating that many people will be covering this new vulnerability.
In our testing, we have found that many of our devices are impacted. This is in part because of the backward compatibility that we have built into our products. However, we have determined that very few customers are using these features, and we are actively removing SSLv3 support from new firmware versions going forward. We have already fixed this issue in a number of devices, and we are in the middle of releasing new versions of firmware with this issue fixed.
Because we do not know the specific configuration and data that each customer is using with our products and services, we always suggest that customers review their unique situation and understand what the risk could be to their environment. With our products, however, we rate this a “very low” impact.
Please check the official Digi and Etherios corporate response to POODLE at http://www.digi.com/support/kbase/kbaseresultdetl?id=3619
As always, if you have any questions, feel free to email email@example.com, or firstname.lastname@example.org