AEROHIVE SIRT
The Aerohive Security Incident Response Team (Aerohive SIRT) is responsible for researching, analyzing and responding to security incident reports related to Aerohive products. This team is the first point of contact for all security incident reports and works directly with Aerohive customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with our products.
This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Aerohive products. Aerohive respects and honors responsible disclosure practices. We do not have a bounty program, nor do we maintain a “wall of fame”.
SECURITY BULLETINS
Aerohive Security Advisories are published for significant security issues that directly involve Aerohive products and require an upgrade, fix, or other customer action. In all security publications, Aerohive discloses the minimum amount of information required for an end-user to assess the impact of the reported vulnerability and any potential steps needed to protect their environment. Aerohive does not provide vulnerability details that could enable someone to craft an exploit. All security advisories here are displayed in chronological order, with the most recently updated advisory appearing at the top of the page.
Title | Last Updated |
---|---|
Product Security Announcement: Authenticated User Privilege Escalation (Jul 31, 2018) | July 31, 2018 |
Product Security Announcement: Aerohive’s Response to Meltdown and Spectre (Jan 5, 2018) | January 5, 2018 |
Product Security Announcement: Aerohive’s Response to “KRACK” (Oct 16, 2017) | October 16, 2017 |
Product Security Announcement for CVE-2017-5638 aka “Apache Struts RCE” (Mar 17, 2017) | March 17, 2017 |
Product Security Advisory – HiveManager 6 (Dec 16, 2015) | December 16, 2015 |
Product Security Announcement for CVE-2015-0235 aka “Ghost” (Feb 3, 2015) | March 16, 2015 |
Product Security Announcement for CVE-2014-3566 aka “Poodle” (Oct 14, 2014) | December 10, 2015 |
Product Security Announcement for CVE-2014-6271 aka “Shellshock” (Sept 26, 2014) | October 2, 2014 |
Response to Security-Assessments Security Advisory (Sept 5, 2014) | September 5, 2014 |
Product Security Announcement (June 30, 2014) | June 30, 2014 |
HOW TO REPORT A SECURITY VULNERABILITY
The Aerohive SIRT has an email alias that makes it easy for customers and others to report potential security vulnerabilities. Once we acknowledge your email, we request five business days to reproduce the reported problem and prepare a response. We appreciate you waiting for our response prior to reporting the problem to others. Please report any potential or real instances of security vulnerabilities with any Aerohive Networks product to the Aerohive SIRT at security@aerohive.com. For immediate assistance, Aerohive TAC is available 24 hours a day by calling 1-866-365-9918 (North America) or +1-408-510-6100.
Who reads email sent to security@aerohive.com?
The Aerohive Security Incident Response Team, which is a restricted and carefully chosen group of Aerohive employees, monitors this email address. No outside users can subscribe to this list.
What information should I send to security@aerohive.com?
When you contact us, please give as much information as possible. We encourage you to encrypt any sensitive information you send to us using our public key, visible below and available at various key servers.
How do we respond to a notification?
All issues reported to the Security Incident Response Team will be investigated. Patches will be generated where necessary and a security advisory will be released. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and patches. However, we will never forward the email that you send to us, and we will not pass on any information that could identify you, your company, your machines, or your configuration.
Please note: Aerohive does not provide an advance notification service. Security patches and advisories are freely available from our web site.
To report a security issue to Aerohive Networks, we encourage you to use the following PGP key for secure communication.