CVE-2022-3602 & CVE-2022-3786 in relation to Check Point products

On Tuesday, 1 November 2022, the OpenSSL project team released OpenSSL 3.0.7 as a security-fix release (OpenSSL Advisory).

This release fixes two HIGH severity vulnerabilities, assigned CVE-2022-3602 (reduced from Critical) and CVE-2022-3786. These buffer overflow vulnerabilities in certificate handling could result in a denial of service or potentially remote code execution on affected versions.

The vulnerabilities affect only OpenSSL versions 3.0.0 through 3.0.6 (version 3.0 was first released in September 2021). OpenSSL version 1.x is not affected by these vulnerabilities, so older operating systems and devices are safe.

Just to clarify, Check Point uses the OpenSSL 1.1.1 release and is therefore not vulnerable.

For more information, please refer to sk180206 and sk92447.
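
A host-side check against the affected range given above (3.0.0 through 3.0.6), as an added example that is not part of the original post or of any Check Point tooling. The function name, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the range stated in the post:
# 3.0.0-3.0.6 affected, 3.0.7 and later 3.0.x fixed, 1.x not affected.
# classify_openssl_banner and its result labels are hypothetical names.

classify_openssl_banner() {
    banner=$1
    case $banner in
        OpenSSL\ *) ;;
        *) echo "unknown"; return 0 ;;   # LibreSSL, empty output, other forks
    esac
    # Second field is the version, e.g. 3.0.5, 1.1.1q, 3.0.7-dev
    ver=$(printf '%s\n' "$banner" | awk '{print $2}')
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Drop letter or tag suffixes such as "q", "-dev", "+quic"
    patch=$(printf '%s\n' "$patch" | sed 's/[^0-9].*$//')
    case "$major.$minor" in
        3.0)
            if [ -z "$patch" ]; then
                echo "unknown"
            elif [ "$patch" -le 6 ]; then
                echo "affected"
            else
                echo "fixed"
            fi ;;
        1.*) echo "not-affected" ;;
        *)   echo "outside-range" ;;     # not covered by the post's statement
    esac
}

# Constructed sample banners, one per outcome.
for b in "OpenSSL 3.0.5 5 Jul 2022" "OpenSSL 3.0.7 1 Nov 2022" \
         "OpenSSL 1.1.1q  5 Jul 2022" "LibreSSL 3.3.6"; do
    printf '%-30s -> %s\n' "$b" "$(classify_openssl_banner "$b")"
done

# Stand-alone use: classify the local binary if one is installed.
if command -v openssl >/dev/null 2>&1; then
    printf 'local -> %s\n' "$(classify_openssl_banner "$(openssl version 2>/dev/null)")"
fi
```

The banner reflects only the `openssl` binary on the PATH, so applications that bundle their own copy of the library need a separate check. Distribution packages can also carry the fix as a backport while still reporting a version below 3.0.7, so confirm an "affected" result against the vendor's package advisory.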