CradlePoint, the global leader in cloud-managed, 3G/4G networking solutions for distributed enterprises, has announced the release of a firmware patch for devices potentially affected by the recent ‘Heatbleed’ bug.
CradlePoint has released new firmware to patch the critical security vulnerability discovered in OpenSSL known as the ‘Heartbleed’ bug. These new firmware versions are available for download via the cradlepoint.com/firmware webpage as well as through Enterprise Cloud Manager, CradlePoint’s network management and application platform (which itself was patched and secured last week).
In conjunction with the release of new firmware, CradlePoint has reissued certificates in Enterprise Cloud Manager which will trigger the generation of new private keys and obsolete any compromised keys that could be used to decrypt data for malicious purposes. Users should upgrade firmware and follow the appropriate steps documented below.
Firmware Patch Now Available:
- 5.1.1 – AER 2100, ARC MBR1400, MBR1400, MBR1200B, ARC CBA750B, CBA750B, COR IBR600, COR IBR650
- 5.0.4 – MBR95
- 4.3.3 – CBR400, CBR450
For remote devices, CradlePoint recommends using Enterprise Cloud Manager to upgrade firmware, since it has the ability to quickly update large deployments of devices in real-time. If you are not currently an Enterprise Cloud Manager customer, CradlePoint is providing a free 30-day Enterprise Cloud Manager account to upgrade your devices.
Steps to Follow Once Firmware is Upgraded:
- Regenerate Certificates
- Change all passwords, WiFi keys, and Pre-Shared Keys
- Do NOT restore backups
- Update all VPN Clients and Peers
CradlePoint encourages all customers to check their infrastructure for systems with the impacted versions of the OpenSSL libraries. At CradlePoint, protecting your network is the first priority. Should you have any further questions CradlePoint is offering free technical support for 30 days to address this issue. Please email firstname.lastname@example.org.