Product Version: 6.5.0.0
Overview
OpenSSL has released a security update addressing two high-severity buffer overflow vulnerabilities.
These flaws exist in the validation process of X.509 certificates in OpenSSL.
A successful exploit can lead to:
Denial-of-Service (DoS) conditions, or
Remote Code Execution (RCE).
We strongly recommend applying the latest OpenSSL patches on high priority to mitigate these risks.
CVE IDs Assigned
CVE-2022-3602
CVE-2022-3786
Affected Software
Windows: OpenSSL versions before 3.0.7
Linux: OpenSSL versions before 3.0.5
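Added example, not from this article or from Saner CVEM: a Python check that parses an `openssl version` banner and flags the 3.0.x range below the fixed release. It assumes 3.0.7 as the fixed version, as stated in the OpenSSL advisory, and the sample banners are constructed.

```python
import re
import subprocess

# Fixed release per the OpenSSL advisory (an assumption stated in the lead-in):
# 3.0.0 through 3.0.6 are affected, 3.0.7 carries the fix, and the 1.1.1 and
# 1.0.2 branches do not contain the vulnerable code.
FIXED_VERSION = (3, 0, 7)
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")

def parse_openssl_version(banner):
    """Return (major, minor, patch) from an `openssl version` banner, or None.
    Letter suffixes of the 1.x branches (e.g. 1.1.1q) are ignored on purpose."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())

def is_affected(version):
    """True when the version lies in the CVE-2022-3602 / CVE-2022-3786 range."""
    if version is None:
        return False
    return version[:2] == (3, 0) and version < FIXED_VERSION

def check_banner(banner):
    """Classify one banner into a small report record."""
    version = parse_openssl_version(banner)
    return {"banner": banner.strip(), "version": version,
            "affected": is_affected(version)}

def check_local_openssl(openssl_bin="openssl"):
    """Run `openssl version` on this host and classify the output.
    Caveat: distributions that backport the fix keep the upstream version
    number, so a 3.0.x banner on such a host is a false positive here; compare
    the package version against the distro advisory instead."""
    try:
        proc = subprocess.run([openssl_bin, "version"], capture_output=True,
                              text=True, timeout=10)
        banner = proc.stdout
    except (OSError, subprocess.SubprocessError):
        banner = ""
    return check_banner(banner)

if __name__ == "__main__":
    # Constructed sample banners, not collected from real hosts.
    for sample in ("OpenSSL 3.0.2 15 Mar 2022", "OpenSSL 3.0.7 1 Nov 2022",
                   "OpenSSL 1.1.1q  5 Jul 2022", "not an openssl banner"):
        print(check_banner(sample))
    print(check_local_openssl())
```

Because the check keys on the upstream version string only, treat a hit as a candidate to confirm against the package database rather than a final verdict.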
Solution
To address these vulnerabilities, OpenSSL has released security patches. We advise upgrading to the fixed versions immediately. For more details, refer to the vendor’s official advisory: OpenSSL Addresses High Severity Vulnerabilities 2022. Patch Now!
Vulnerability Detection and Patching with Saner CVEM
Follow the steps below to detect and remediate the vulnerabilities using Saner CVEM:
Log in to the Saner CVEM platform.
Switch to the Account/Site-specific view and navigate to the VM tool.
If your OpenSSL application is vulnerable, Saner CVEM will list CVE-2022-3602 and CVE-2022-3786 in Top Vulnerabilities or Recently Discovered Vulnerabilities.
Search for these vulnerabilities in the VM tool.
If affected, apply the patch via:
PM → Missing Patches
Select the appropriate Groups/Devices in the Asset Source section and click Apply.
From the Asset section, select the OpenSSL product.
Click Apply Selected Patches (top-right corner).
This will prompt you to create a patching task.
Fill in the Task Name and Remediation Schedule as per your requirements.
Confirm by clicking Apply Selected Patches.
A Remediation Job will be created, which upgrades the vulnerable OpenSSL versions and mitigates the vulnerabilities.
After remediation, the Saner agent automatically scans again and uploads the latest results to Saner CVEM.
Conclusion
These vulnerabilities are considered high severity and can potentially be exploited remotely.
It is highly recommended to:
Patch OpenSSL immediately across all systems, and
Regularly monitor for vulnerabilities using Saner CVEM to ensure continuous protection.