https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160937#M28429 <DIV class=""> <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/48695">@dnpl</a>&nbsp;: Your link writes "<EM>Only OpenSSL versions 3.0 through 3.0.6 are vulnerable</EM>", so <STRONG><FONT color="#008000">Check Point is not affected</FONT></STRONG>.<BR />Simply verify your openssl version with this command:</P> <LI-CODE lang="markup">[Expert@fw:0]# cpopenssl version OpenSSL 1.1.1n 15 Mar 2022 </LI-CODE> <P>Confirmed by Check Point in <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447" target="_self">sk92447</A> and <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk180206" target="_self">sk180206</A>.&nbsp;</P> </DIV> Tue, 01 Nov 2022 17:55:42 GMT Danny 2022-11-01T17:55:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160930#M28427 <P>On Tuesday, November 1, 2022, the OpenSSL project will release a new version of OpenSSL version 3.0.7 that will patch an as-yet-undisclosed vulnerability in current versions of OpenSSL. See following for details:</P><P><A href="https://blog.qualys.com/vulnerabilities-threat-research/2022/10/31/qualys-research-alert-prepare-for-a-critical-vulnerability-in-openssl-3-0" target="_blank">https://blog.qualys.com/vulnerabilities-threat-research/2022/10/31/qualys-research-alert-prepare-for-a-critical-vulnerability-in-openssl-3-0</A></P><P>This is likely to impact Check Point Scanners and possibly every linux-based device and third-party software product we have which uses a web portal for management.</P><P>Is Checkpoint planning to release a fix for vulnerability?</P> Tue, 01 Nov 2022 15:44:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160930#M28427 dnpl 2022-11-01T15:44:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160931#M28428 <P>We published a blog that no doubt will be updated as additional information becomes known including relevant IPS signatures &amp; SK articles.&nbsp;</P> <P><A href="https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/" target="_blank">https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/</A></P> Tue, 01 Nov 2022 15:51:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160931#M28428 Chris_Atkinson 2022-11-01T15:51:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160937#M28429 <DIV class=""> <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/48695">@dnpl</a>&nbsp;: Your link writes "<EM>Only OpenSSL versions 3.0 through 3.0.6 are vulnerable</EM>", so <STRONG><FONT color="#008000">Check Point is not affected</FONT></STRONG>.<BR />Simply verify your openssl version with this command:</P> <LI-CODE lang="markup">[Expert@fw:0]# cpopenssl version OpenSSL 1.1.1n 15 Mar 2022 </LI-CODE> <P>Confirmed by Check Point in <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447" target="_self">sk92447</A> and <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk180206" target="_self">sk180206</A>.&nbsp;</P> </DIV> Tue, 01 Nov 2022 17:55:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160937#M28429 Danny 2022-11-01T17:55:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160938#M28430 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/687">@Danny</a>&nbsp;</P><P>So which version of OpenSSL does checkpoint use?</P><P>Thanks</P> Tue, 01 Nov 2022 18:00:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160938#M28430 dnpl 2022-11-01T18:00:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160939#M28431 <P>Version 1.1.1 as shown in my post above and in<SPAN>&nbsp;</SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447" target="_self" rel="noopener noreferrer">sk92447</A><SPAN>.</SPAN></P> Tue, 01 Nov 2022 18:01:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160939#M28431 Danny 2022-11-01T18:01:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160948#M28432 <P>We are not vulnerable. See here:&nbsp;<A href="https://community.checkpoint.com/t5/General-Topics/CVE-2022-3602-amp-CVE-2022-3786-in-relation-to-Check-Point/m-p/160942#M26896" target="_blank">https://community.checkpoint.com/t5/General-Topics/CVE-2022-3602-amp-CVE-2022-3786-in-relation-to-Check-Point/m-p/160942#M26896</A></P> Tue, 01 Nov 2022 19:38:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/OpenSSL-Vulnerability/m-p/160948#M28432 _Val_ 2022-11-01T19:38:41Z