Failed our latest PCI Scan due to OpenSSL ChangeCipherSpec Man in the Middle Vulnerability. Contacted Zyxel for fix & OpenSSL version.
According to email I received, current OpenSSL version is 0.9.7 and as for the fix, this was the response at this time there are no plans to change the OpenSSL version on the ZyWALL.
They did provide two work-arounds to try, which I will this weekend, but find it a little un-nerving that they have no plans to fix the vulnerability.
↧