OpenSSL V3- Not 1 but 2 Vulnerabilities, CVE-2022-3602 and CVE-2022-3786

favicon

CloudWize is the first out-of-the-box Cloud Security Center of Excellence (CSCoE) solution that helps companies easily guard their cloud by having maximum cloud security and compliance with minimal effort. Get 360° protection from architecture design to runtime and have peace of mind.

Important note! OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 affect only version 3.0. and up. If you have a lower version, you won’t be affected at this time. 

OpenSSL is a cryptography library that provides an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. 

Attackers can exploit CVE-2022-3602 to trigger a denial of service via a buffer overflow through malicious email addresses, while attackers can exploit CVE-2022-3786 to trigger a crash or remote code execution.

The Netherlands’ National Cyber Security Centre has a list of software products confirmed to be (un)affected by OpenSSL vulnerability.

Redhat Enterprise Linux 9, Ubuntu 22.04+, CentOS Stream9, Kali 2022.3, Debian 12, and Fedora 36 include the latest OpenSSL versions.

Severity level: Both vulnerabilities are ranked high (as defined in OpenSSL.org) after a downgrade from critical.

How to find out if you’re vulnerable? 

With CloudWize you automatically get your critical vulnerabilities as you open the Insights panel. So if you have the OpenSSL vulnerability, you’ll see it immediately. No need to push and no scripts are required. We’re pulling it for you.  

Watch this one-minute video:

How to fix it? 

To avoid hackers exploiting this vulnerability, you must immediately update to OpenSSL version 3.0.7. 

Join our weekly demo

Once a week our CEO, Chen Goldberg is giving a group demo. 

In this demo he’s showing how to gain maximum cloud security and compliance using CloudWize platform. 

We use cookies and tracking technologies to improve your experience on our website and for analytics purposes. By using and accessing this site, you agree to our Terms of Use and Privacy Policy