We did discuss this internally and this is the current response from Intel/McAfee regarding FREAK & Business Products:
McAfee Firewall Enterprise (MFE) was vulnerable but was patched on March 4, 2015, with general maintenance hotfix 7.0.1.03.H11.
At this time, Intel Security does not know of any other McAfee products that are affected. Investigation of all McAfee products is ongoing.
I have asked another Moderator for any updates on the matter.
I have an outstanding Service Request with Corporate Support asking for confirmation on which McAfee products are vulnerable to this exploit.
Ex_Brit has already posted the current response from Intel Security in Post #3 above, but I will chase up on the MWG product.
Certified Product Specialist - ePO
The Latest announcement from Intel is:
"The security impact is quite low risk because it is not easy to perform an exploit on this vulnerability and it requires additional exploits and expert know-how:
a) There must be a man-in-the-middle. (Which already requires much effort (e.g. using an additional exploit) on the attacker side.)
b) The downgrade attack must be executed.
c) The RSA key must be broken by brute force (considered as additional exploit) (e.g. on a EC2 cluster; again, expert crypto know-how is needed for that)
Yes, in theory, this all can be done, but in the real world the risk is negligibly small. MWG is vulnerable because of using the vulnerable openSSL library after the analysis. Fix will be released within 2 weeks"
Thank you Richard for your reply,
I agree that probably the scriptkiddies will be unable to benefit from this vulnerability, but as we know it's a bad world out there and if there is a hole in the chees the mouse is not far away.
Thank you also for the expected timeframe - good the hear.
there is a McAfee SNS newsletter available. FREAK vulnerability is fixed in MWG with the latest Releases.
McAfee Web Gateway 188.8.131.52 (Main Release) and McAfee Web Gateway 184.108.40.206 (Controlled Release) are now available.
Both releases include patches for the following Open SSL vulnerabilities:
See the following Security Bulletins for more information on the vulnerabilities:
Web Gateway 220.127.116.11 (Main Release)
In addition to the vulnerability fixes, Web Gateway 18.104.22.168 resolves a number of miscellaneous issues.