Alerts

OpenSSL Vulnerability Announced

cma-it.com/resources/
openssl-vulnerability-announced
Published on
November 7, 2022

On Tuesday, November 1, OpenSSL disclosed details of a high severity vulnerability affecting versions 3.0.0 through 3.0.6.  This vulnerability could allow remote attackers to cause a denial of service on affected systems, resulting in system outages and downtimes.  It is possible that under very specific circumstances the vulnerability could also be used to execute remote code.

Over the coming weeks, vendors will be releasing updates to their software that uses the OpenSSL libraries.  We recommend monitoring these vendor updates and applying these patches as part of your normal patching cycle.

More details can be found at the following CISA post:

https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update

IT Mentorship in Your Inbox

Subscribe and stay up to date on the latest insights, expert advice, and happenings in IT.