OpenSSL security update (CVE-2022-0778)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2022-014 CVE-2022-0778 , TGB_2022_002 03/15/2022 low v1

Vulnerability details

OpenSSL security update to patch CVE-2022-0778 (Infinite Loop / Deny of service when parsing forged certificate)

Impacted products

ProductsSeverityDetail
Stormshield Network VPN Client low OpenSSL security update to patch CVE-2022-0778 (Infinite Loop / Deny of service when parsing forged certificate)

Revisions

Version Date Description
v1 Initial release


Stormshield Network VPN Client

CVSS v3.1 Overall Score: 2.1      

Analysis

Impacted version

OpenSSL security update to patch CVE-2022-0778 (Infinite Loop / Deny of service when parsing forged certificate)

https://www.thegreenbow.com/fr/support/alertes-securite#deeplink-12536  (TGB_2022_002)

Workaround solution

Solution

There is no workaround solution.

The version 6.87.108 fixes this vulnerability.



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network High None Required Unchanged None None Low
CVSS Base score: 3.1 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 2.7 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
Low Low Low
CVSS Environmental score: 2.1 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)