start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
  • Contact us
    • start portlet menu bar end portlet menu bar
    Close
    Select Page
    HCLSoftware
      | November 1, 2022

    New OpenSSL V3 Vulnerabilities Are Exploitable - Act Now

    Rhonda Studnick Kaiser
    Rhonda Studnick Kaiser
    Director - Customer Experience BigFix
    New OpenSSL V3 Vulnerabilities Are Exploitable - Act Now

    (This blog will be updated with additional information as needed) 

    The OpenSSL projectannounced details of vulnerabilities that exist in versions of the OpenSSL software versions earlier than version 3.0.7.  They have released OpenSSL Version 3.0.7 to address these security vulnerabilities. OpenSSL is the core open-source library that implements SSL and TLS protocols which makes it possible to securely communicate over the internet. It impacts Linux operating systems and some variants including Mac OS Ventura and Node.js 18 and 19. 

    About the Vulnerability 

    The OpenSSL project had originally communicated this vulnerability as Critical, however, it has since been downgraded to High per the latest advisory from OpenSSL.  They have indicated it does not impact versions of OpenSSL prior to V3.0.

    This Vulnerability Is Known to Impact: 

    • Linux operating systems and some variants such as Ubuntu and macOS Ventura 
    • Containers and container images 
    • Node.js 18.x and 19.x which are JavaScript runtimes 
    • Code developed by C/C++ developers who embedded OpenSSL V3.0 or above 

    Recommended Actions for BigFix Users 

    1. Review the latest details from OpenSSL at https://www.openssl.org/news/vulnerabilities.html 
    2. Identify vulnerable systems with OpenSSL V3.0 and above 
      1. Perform an Inventory scan (BigFix Inventory signatures in development) 
        1. Refer to the BigFix Forum for the software signature information once published 
        2. Review other sources of scanning software and tools for OpenSSL version at https://github.com/NCSC-NL/OpenSSL-2022/tree/main/scanning 
    3. Upgrade to OpenSSL to V3.0.7 as soon as possible to prevent a potential breach or attack 
      1. The BigFix team will be publishing vendor fixlets addressing this vulnerability in an expedited timeline
      2. Watch the BigFix Forum for content release announcements, as well as the BigFix Forum link below for our overall response.
    4. Keep abreast of updates on the Big Forum: https://forum.bigfix.com/t/openssl-3-vulnerabilities-2022-11-01/43303 

     

    Comment wrap
    Rhonda Studnick Kaiser
    Rhonda Studnick Kaiser
    Director - Customer Experience BigFix
    Rhonda Studnick Kaiser is the HCL BigFix Director of Customer Experience. With more than 20 years of IT experience, more than 10 years in Information Security, my goal is to bring the voice of the customer into every stage of BigFix development and delivery. My passion is to ensure that our customers get the most out of their investment in BigFix and to build a trust relationship with them to drive innovation, transparency and cooperation across the product line.
    Read more

    Topics in this article:

    BigFixOpenSSLvulnerability

    Start a Conversation with Us

    We’re here to help you find the right solutions and support you in achieving your business goals.

    Connect with us

    Submit a Comment

    Your email address will not be published. Required fields are marked *

    * HCL provides software and services to the U.S. Federal Government through its partner Four, Inc. Please contact Four, Inc. at the U.S. Federal Government contact page.


    bigfix
      |  September 6, 2023
    BigFix Runbook AI Enables Organizations to Streamline IT Operations and Improve Productivity
    Come check out how BigFix’s new Runbook AI feature enables organizations to streamline their IT operations and improve productivity.
    Uffe Sorensen
    Sana Nair
    Product Marketing Manager
    bigfix
      |  August 4, 2023
    Using Threat Intelligence for Proactive Protection
    Learn how organizations can proactively combine the power of automation with reliable threat intelligence to keep cyber threats at bay.
    Uffe Sorensen
    Kristin Hazlewood
    SVP and GM BigFix
    bigfix
      |  August 4, 2023
    Genuine Parts Company and ESM Technology Inc Develops Innovative Visibility and Analytics Solution Using BigFix
    Read the blog and learn how Genuine Parts Company and ESM Technology Inc develops innovative visibility and analytics solution using BigFix
    Uffe Sorensen
    Cyril Englert
    Solution Architect
    start portlet menu bar end portlet menu bar