One of our colleagues ran a Qualys scan on an internally used product and found that the product still uses 1024-bit certificates for its modules to communicate with each other. The vendor says that this issue will be targeted in a future release (a few months at the least).
I read a few links (a Symantec FAQ and a very informative blog post) about the risks.
Since the product is used in a private network, I am of the opinion that we shouldn't worry about the certificate issue a lot. It is less likely for a hacker to be aware of such a product unless he/she is an insider. The weak certificate can definitely lead to a leaked cipher suite and in turn leak the entire communication. I wouldn't deny that. My stance depends on the assumption that the attacker doesn't have access to the internal network.
I would like to know from the community what other scenarios I am not considering here.