
OpenSSL flaw impact evaluated by cyber vendors

Several cybersecurity, storage and cloud vendors have been evaluating the effect of the high-severity flaw in OpenSSL, tracked as CVE-2022-0778, which could be exploited to cause a denial-of-service condition, reports SecurityWeek. The OpenSSL Project has already addressed the vulnerability, but Palo Alto Networks is still examining its impact on its products. Fixes for PAN-OS, the Cortex XDR agent software, and the GlobalProtect app, all of which are affected by the bug, are on the way, according to Palo Alto Networks. "For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers. This vulnerability has reduced severity on Cortex XDR agent and Global Protect app as successful exploitation requires an attacker-in-the-middle attack (MITM)," said the company. F5 is also working on patches for its BIG-IP and Traffix offerings but noted that only BIG-IP implementations with certain configurations are impacted. Check Point, on the other hand, has already pushed fixes for several of its impacted products. Meanwhile, Sophos will be releasing patches for affected Web Appliance, UTM, and Firewall implementations within the month.
