OpenSSL security release (CVE-2022-0778)
Vulnerability details
There was a vulnerability in OpenSSL (CVE-2022-0778), in a function that scans certificates. It would allow an attacker to provoke a Denial of Service (DoS) on SMC in versions lower than 3.1.6.
Impacted products
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 2022/03/25 | Initial release |

Stormshield Management Center |
CVSS v3.1 Overall Score: 2.3

| Analysis | Impacted version |
|---|---|
| There was a vulnerability in OpenSSL (CVE-2022-0778), in a function that scans certificates. It would allow an attacker to provoke a Denial of Service (DoS) on SMC in versions lower than 3.1.6. | < v3.1.6 |

| Workaround solution | Solution |
|---|---|
| Ensure all certificates imported on SMC come from a trusted Authority or PKI. | SMC v3.1.6 |

| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|---|---|
| Local | High | High | Required | Unchanged | None | None | Low |

| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Proof of concept code | Official fix | Confirmed |

| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| Medium | High | High |