Login
    Contents x
    Pharos response to OpenSSL 3.x vulnerability - November 2022
    • 05 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Pharos response to OpenSSL 3.x vulnerability - November 2022

    • Updated on 05 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Background 

    Recently, two security vulnerabilities were discovered inside OpenSSL version 3.x 

    The vulnerability *3602 was initially believed to be “Critical” because it allows either DoS of the receiving server, or possible Remote Code Execution. The vulnerability *3786 was initially believed to be “Critical” because it allows DoS of the remote server. Both vulnerabilities have since been downgraded to “High” due to the complexity of implementation and that it was unlikely to permit RCE. 

    Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.   

    Pharos Software and OpenSSL 

    Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we are not susceptible to OpenSSL 3.x vulnerability. 

    Two internal administration systems (not accessible externally) do use OpenSSL 3.x and will be upgraded shortly. 

    Was this article helpful?
    Related articles
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout