OpenSSL Addresses Two High-Severity Vulnerabilities – Patch Immediately

Modified on Fri, 3 Oct at 7:40 AM

Product Version: 6.5.0.0


Overview

OpenSSL has released a security update addressing two high-severity buffer overflow vulnerabilities.
These flaws exist in the validation process of X.509 certificates in OpenSSL.

  • A successful exploit can lead to:

    • Denial-of-Service (DoS) conditions, or

    • Remote Code Execution (RCE).

We strongly recommend applying the latest OpenSSL patches as a high priority to mitigate these risks.


CVE IDs Assigned

  • CVE-2022-3602

  • CVE-2022-3786


Affected Software

  • Windows: OpenSSL versions before 3.0.7

  • Linux: OpenSSL versions before 3.0.5
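
The following shell script is an added example, not part of this article or of Saner CVEM: it classifies the banner printed by `openssl version` against the affected range listed above. It assumes that only the 3.0.x release line is in scope for these two CVEs and uses 3.0.7, the release named in the OpenSSL advisory, as the fix threshold on every platform.

```shell
#!/bin/sh
# Added example; not part of the Saner CVEM article.
# Classifies an `openssl version` banner as vulnerable / patched / not-affected.
# Assumptions: only the 3.0.x line is affected by CVE-2022-3602 and
# CVE-2022-3786, and 3.0.7 (the release named in the OpenSSL advisory)
# is the fix threshold regardless of platform.

FIX_MAJOR=3; FIX_MINOR=0; FIX_PATCH=7

# Reduce a banner such as "OpenSSL 3.0.6 11 Oct 2022" to "3 0 6".
# A letter suffix ("1.1.1q") is dropped so every field stays numeric.
parse_version() {
  set -- $1
  echo "$2" | sed 's/[^0-9.].*//' | tr '.' ' '
}

# openssl_status "<banner>"  -> prints vulnerable | patched | not-affected | unknown
openssl_status() {
  case "$1" in
    OpenSSL\ *) ;;
    *) echo unknown; return 0 ;;   # e.g. LibreSSL banners are outside this advisory
  esac
  set -- $(parse_version "$1")
  major=$1; minor=$2; patch=${3:-0}
  if [ "$major" -ne "$FIX_MAJOR" ] || [ "$minor" -ne "$FIX_MINOR" ]; then
    echo not-affected              # 1.1.1 and 3.1+ lie outside the 3.0.0-3.0.6 range
  elif [ "$patch" -lt "$FIX_PATCH" ]; then
    echo vulnerable
  else
    echo patched
  fi
}

# Check the locally installed binary when the script is run directly.
if command -v openssl >/dev/null 2>&1; then
  echo "$(openssl version): $(openssl_status "$(openssl version)")"
fi
```

Run it on each host in an inventory pass; a result of "vulnerable" is the condition the Saner CVEM steps below remediate.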


Solution

To address these vulnerabilities, OpenSSL has released security patches. We advise upgrading to the fixed versions immediately. For more details, refer to the vendor’s official advisory: OpenSSL Addresses High Severity Vulnerabilities 2022. Patch Now!


Vulnerability Detection and Patching with Saner CVEM

Follow the steps below to detect and remediate the vulnerabilities using Saner CVEM:

  1. Log in to the Saner CVEM platform.

  2. Switch to the Account/Site-specific view and navigate to the VM tool.

  3. If your OpenSSL application is vulnerable, Saner CVEM will list CVE-2022-3602 and CVE-2022-3786 in Top Vulnerabilities or Recently Discovered Vulnerabilities.

  4. Search for these vulnerabilities in the VM tool.

  5. If affected, apply the patch via:

    • PM → Missing Patches

  6. Select the appropriate Groups/Devices in the Asset Source section and click Apply.

  7. From the Asset section, select the OpenSSL product.

  8. Click Apply Selected Patches (top-right corner).

    • This will prompt you to create a patching task.

    • Fill in the Task Name and Remediation Schedule as per your requirements.

    • Confirm by clicking Apply Selected Patches.

  9. A Remediation Job will be created, which upgrades the vulnerable OpenSSL versions and mitigates the vulnerabilities.

  10. After remediation, the Saner agent automatically scans again and uploads the latest results to Saner CVEM.


Conclusion

These vulnerabilities are considered high severity and can potentially be exploited remotely.
It is highly recommended to:

  • Patch OpenSSL immediately across all systems, and

  • Regularly monitor for vulnerabilities using Saner CVEM to ensure continuous protection.
