
(This blog will be updated with additional information as needed) 

The OpenSSL project announced details of vulnerabilities that exist in versions of OpenSSL earlier than version 3.0.7 and has released OpenSSL version 3.0.7 to address them. OpenSSL is the core open-source library that implements the SSL and TLS protocols, which make it possible to communicate securely over the internet. The vulnerabilities impact Linux operating systems and some variants, including macOS Ventura, as well as Node.js 18 and 19.

About the Vulnerability 

The OpenSSL project had originally communicated this vulnerability as Critical; however, it has since been downgraded to High per the latest advisory from OpenSSL. They have indicated that it does not impact versions of OpenSSL prior to V3.0.

This Vulnerability Is Known to Impact: 

  • Linux operating systems and some variants such as Ubuntu and macOS Ventura 
  • Containers and container images 
  • Node.js 18.x and 19.x which are JavaScript runtimes 
  • Code developed by C/C++ developers who embedded OpenSSL V3.0 or above 

Recommended Actions for BigFix Users 

  1. Review the latest details from OpenSSL at https://www.openssl.org/news/vulnerabilities.html 
  2. Identify vulnerable systems with OpenSSL V3.0 and above 
    1. Perform an Inventory scan (BigFix Inventory signatures in development) 
      1. Refer to the BigFix Forum for the software signature information once published 
      2. Review other sources of scanning software and tools for OpenSSL version at https://github.com/NCSC-NL/OpenSSL-2022/tree/main/scanning 
  3. Upgrade OpenSSL to V3.0.7 as soon as possible to prevent a potential breach or attack 
    1. The BigFix team will be publishing vendor fixlets addressing this vulnerability in an expedited timeline
    2. Watch the BigFix Forum for content release announcements, as well as the BigFix Forum link below for our overall response.
  4. Keep abreast of updates on the BigFix Forum: https://forum.bigfix.com/t/openssl-3-vulnerabilities-2022-11-01/43303 
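
For step 2, a version string collected from each system can be checked against the range this post gives (OpenSSL V3.0 and above, earlier than 3.0.7). The following is an added example, not BigFix or OpenSSL project code; the function names, host names and sample banners are constructed for illustration.

```python
import re

# Affected range as stated in the advisory above: 3.0.0 up to, not including, 3.0.7.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Accepts `openssl version` output ("OpenSSL 3.0.2 15 Mar 2022") and the bare
# form Node.js reports in process.versions.openssl ("3.0.5+quic").
_BANNER = re.compile(r"^(?:(?P<product>[A-Za-z]+)\s+)?(?P<ver>\d+\.\d+\.\d+)")


def classify(banner):
    """Map one version string to affected / fixed / not-affected / not-openssl / unknown."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"
    product = m.group("product")
    # LibreSSL is a separate code base with its own numbering, so
    # "LibreSSL 3.3.6" must not be read as OpenSSL 3.x.
    if product is not None and product.lower() != "openssl":
        return "not-openssl"
    # Compare as integer tuples: as strings, "3.0.10" would sort before "3.0.7".
    version = tuple(int(part) for part in m.group("ver").split("."))
    if version < FIRST_AFFECTED:
        return "not-affected"
    return "affected" if version < FIRST_FIXED else "fixed"


def triage(inventory):
    """Return the sorted host names whose reported version is in the affected range."""
    return sorted(h for h, banner in inventory.items() if classify(banner) == "affected")


# Constructed sample inventory (host names and banners are made up for illustration).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "web-02": "OpenSSL 1.1.1f  31 Mar 2020",
    "build-01": "3.0.5+quic",
    "mac-01": "LibreSSL 3.3.6",
    "db-01": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-01": "sh: openssl: command not found",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:10} {classify(banner):13} {banner}")
    print("patch first:", ", ".join(triage(SAMPLE_INVENTORY)))
```

Distribution packages can carry a backported fix without changing the upstream version number, so an "affected" result from a version string should be confirmed against the vendor's package advisory.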

 
