...

If you would like the full technical details, continue reading.  Otherwise, rest assured that we have examined our own software, the software that our system depends upon (the Linux operating system and components, for example), and other products that we resell (such as routers and phones).  While some of these products are still under investigation, we have not found any evidence of an intrusion, nor do we have any reason to believe that any of our products are vulnerable.

Revision Information

Reference Number:

20140410-01

Release Date:

April 10, 2014

Latest Revision:

April 10, 2014: 1

Vulnerability Information

SSL is a core component of many communication protocols, and OpenSSL is a very common library used throughout different products and services. Fonality develops and sells a variety of products and services that also use SSL. This advisory details the impact of the vulnerability on each product and provides references as needed.

CONTROL PANEL

Fonality Control Panel (http://cp.fonality.com) NOT VULNERABLE

The Control Panel (CP) is central to all Fonality Product Lines below. The Fonality control panel website itself is not vulnerable. As an extra security measure, you may choose to reset your CP passwords. Please see SSL Certificate Compromise for more details.

PRODUCT LINES

Connect / Connect+  NOT VULNERABLE

All versions of the Connect and Connect+ service are not vulnerable.

Unbound  NOT VULNERABLE

All versions of the Unbound service are not vulnerable.

Enterprise Pay as you Go NOT VULNERABLE

All versions of the Enterprise Pay as you Go service are not vulnerable. This service may also be listed as Enterprise Hosted and Fonality Private Cloud in past product documentation.

PBXtra NOT VULNERABLE

All versions of the default installation of PBXtra are not vulnerable.

trixbox Pro NOT VULNERABLE

All versions of the default installation of PBXtra are not vulnerable.

SSL CERTIFICATE COMPROMISE

...

Along with its core product line, Fonality sells a variety of network hardware that may be susceptible to the OpenSSL vulnerability.

D-Link DSR 250-N UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

D-Link DSR 500-N UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

D-Link DIR 655 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Cisco SRP 521 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Cisco SRP 541 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Cisco RV180W Router UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Cisco RV220W Router UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 50 VS0113 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 50 VS0114 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 5000 VS0150 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 5000 VS0151 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 5000 VS0152 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Vega 5000 VS0153 UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

PHONES

Fonality sells or has sold in the past various models of VOIP phones that are supported with our services. Please read below for information specific to each vendor.

Polycom Phones NOT VULNERABLE

The Polycom firmware revisions currently supported by Fonality are not believed to be vulnerable. If you have manually modified your firmware to a different version, please check with Polycom if you’re vulnerable. Fonality currently supports the following Polycom phones:

  • SoundPoint IP335

  • SoundPoint IP550

  • SoundPoint IP560

  • SoundPoint IP650

  • SoundStation IP 5000

  • SoundStation IP 6000

Yealink Phones NOT VULNERABLE

Yealink firmware revisions supported by Fonality are immune from the Heartbleed bug. This applies to all models of Yealink phones we support, including:

  • Yealink SIP-T20P

  • Yealink SIP-T32G

  • Yealink SIP-T38G

  • Yealink W52P

ADD-ON FEATURES/PRODUCTS

Enterprise Hosted Record All MIXED

A small percentage of our Enterprise Hosted Record All customers were provisioned on servers that were vulnerable to the Heartbleed bug. Fonality will be proactively notifying affected customers as deemed necessary. The remaining majority of customers' servers have not been affected.

HUD Web (hudweb.fonality.com) NOT VULNERABLE

The HUD Web service is not vulnerable. However, as a precaution, you may choose to reset your HUD Web password. Please see SSL Certificate Compromise for more details.

Screenshare (share.fonality.com) NOT VULNERABLE

The Screenshare service is not vulnerable. However, as a precaution, you may choose to reset your HUD Web password. Please see SSL Certificate Compromise for more details.

HUD Desktop NOT VULNERABLE

The HUD Desktop product is not vulnerable.

HUD Server NOT VULNERABLE

The HUD Server service is not vulnerable.

Video Collaboration (vendor: zoom.us) UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

Paperless Fax License (vendor: Concord Fax) UNDER INVESTIGATION

We’re currently investigating the vulnerability status with the vendor.

References

...