The Cisco Meraki team is aware of a critical vulnerability in OpenSSL, CVE-2014-0160 (also known as the Heartbleed vulnerability). OpenSSL is a security library that is widely used across the Internet.
We determined that Meraki servers, infrastructure, and network devices (i.e., access points, switches, and security appliances) are not affected by this vulnerability.
The Systems Manager dashboard as well as iOS, Android, and Mac devices enrolled in Systems Manager are not affected. Some Windows PCs enrolled in Systems Manager are affected by the vulnerability in the initial startup phase of the Systems Manager agent. During this phase, no sensitive information is available for an attacker to collect, and no private keys are exposed. This vulnerability does not allow an attacker to gain access to a PC managed by Systems Manager and it does not allow an attacker to gain any knowledge of the Systems Manager configuration. Regardless, a new build of the Systems Manager agent for Windows PCs is available for download via the dashboard. It is not affected by the vulnerability and customers are encouraged to download the new agent at their convenience.
For information on other Cisco products, please see the Cisco Security Advisory on the Heartbleed vulnerability.