_Val_
Admin

CVE-2022-3602 & CVE-2022-3786 in relation to Check Point products

On Tuesday, 1 November 2022, the OpenSSL project team released the OpenSSL 3.0.7 update as a security-fix release (OpenSSL Advisory).

This release addresses two HIGH severity vulnerabilities, assigned CVE-2022-3602 (reduced from Critical) and CVE-2022-3786. These buffer overflow vulnerabilities in certificate processing could result in a denial of service or potentially remote code execution on affected versions.

The vulnerabilities affect only OpenSSL versions 3.0.0 through 3.0.6 (version 3.0 was first released in September 2021). OpenSSL 1.x is not affected, so older operating systems and devices are safe.

Just to clarify, Check Point uses the OpenSSL 1.1.1 release and is therefore not vulnerable.

For more information, please refer to sk180206 and sk92447.
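As an added example (not from the post, and not Check Point's own tooling), a small Python triage helper that parses `openssl version` banners and reports whether the build falls in the affected 3.0.0 through 3.0.6 range; the `classify` and `check_local_openssl` names and the `openssl` binary name are my own assumptions.

```python
import re
import subprocess

# Affected range as given in the OpenSSL advisory: 3.0.0 through 3.0.6 (fixed in 3.0.7).
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 6)

# Matches the start of `openssl version` output, e.g. "OpenSSL 3.0.5 5 Jul 2022"
# or "OpenSSL 1.1.1q  5 Jul 2022" (1.x carries a letter suffix, which is ignored).
_BANNER_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)[a-z]*", re.MULTILINE)


def parse_openssl_version(banner: str):
    """Return (major, minor, patch) from an `openssl version` banner, or None
    when the banner is not from OpenSSL (e.g. a LibreSSL or BoringSSL build)."""
    m = _BANNER_RE.search(banner.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify(banner: str) -> str:
    """Triage verdict for one banner: 'affected', 'not-affected' or 'unknown'."""
    ver = parse_openssl_version(banner)
    if ver is None:
        return "unknown"
    return "affected" if AFFECTED_MIN <= ver <= AFFECTED_MAX else "not-affected"


def check_local_openssl(binary: str = "openssl") -> tuple:
    """Run `<binary> version` on this host and classify it. Returns (verdict, banner).

    Caveat: distribution packages often backport the fix while still reporting an
    affected upstream version string, so treat 'affected' as a prompt to confirm
    against the package changelog, not as proof of exposure."""
    try:
        out = subprocess.run([binary, "version"], capture_output=True, text=True,
                             timeout=10, check=False).stdout
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "unknown", f"could not run {binary}: {exc}"
    return classify(out), out.strip()


if __name__ == "__main__":
    verdict, banner = check_local_openssl()
    print(f"{verdict}: {banner}")
```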

3 Replies
Bob_Zimmerman
Authority

Any word on an IPS protection to catch malicious certificates trying to exploit these on other systems?

0 Kudos
_Val_
Admin

Here is a quote from the related Check Point Blog article: "Check Point Researchers are keeping a close watch on this story and we will report back as development becomes available."

Also, look here:

What can I do until further details are revealed?

In the meantime, organizations should stay alert and follow security best practices, including patching and updating all systems to the latest operating system, and getting ready to update IPS once protections become available.
Customer guidance for the reported security update for OpenSSL versions 3.0.0 to 3.0.6 is available here.
At any given moment, if you feel you've been breached or are under attack, contact our Emergency Response Hotline.
In addition, our worldwide Technical Assistance Centers are available to assist you 24 x 7.

My understanding is that it is still in the works. Actual exploitation tools are required to produce IPS signatures, and none are known at this point.

0 Kudos
Bob_Zimmerman
Authority

IPS update was released yesterday. It's described in sk180206, and the protection name is OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786).
