Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it’s not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve random bits of content from an attacked device’s memory. Cisco’s IOS XE operating system for network hardware is one of the higher-profile products on the company's list.

Cisco has already patched the two services—Cisco’s Registered Envelope Service (CRES) and Webex Messenger Service—that were deemed vulnerable. Most of the remaining products on Cisco's list are connected to the company’s collaboration products, such as its UCS unified messaging platform. They also include IP telephones, communications servers, and messaging systems:

Cisco AnyConnect Secure Mobility Client for iOS

Cisco Desktop Collaboration Experience DX650

Cisco Unified 7800 series IP Phones

Cisco Unified 8961 IP Phone

Cisco Unified 9951 IP Phone

Cisco Unified 9971 IP Phone

Cisco TelePresence Video Communication Server (VCS)

Cisco IOS XE

Cisco UCS B-Series (Blade) Servers

Cisco UCS C-Series (Stand alone Rack) Servers

Cisco Unified Communication Manager (UCM) 10.0

Cisco Registered Envelope Service (CRES)

Cisco Webex Messenger Service

The list isn’t yet complete—the company is still investigating whether over 60 additional products, including other versions of the IOS operating system and other network hardware, are vulnerable.