<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on SSP and SELKS Users

TL;DR

Stamus Networks uses OpenSSL in the Stamus Security Platform (SSP) as well as our open source SELKS ISO versions. The vulnerabilities identified in today’s disclosure and CVE announcement do NOT impact this particular version of OpenSSL. Therefore, Stamus Security Platform and SELKS are not susceptible to exploits against these vulnerabilities.

In addition, Stamus Networks is working with its threat intelligence partners to develop mechanisms for detecting attempted exploits of these vulnerabilities. We will notify our customers immediately as soon as we can share information on these solutions.

Background

On October 25, 2022, the OpenSSL Project announced they will be releasing an update to OpenSSL in order to address a “CRITICAL” vulnerability. The vulnerability was not disclosed at this time.

On November 1, 2022, the OpenSSL Project published an advisory (https://www.openssl.org/news/secadv/20221101.txt) in which they shared more information about these buffer overflow vulnerabilities which affect versions 3.0.0 to 3.0.6 of OpenSSL:

  • CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow
  • CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow

Based on evidence gathered since the pre-announcement was made, OpenSSL downgraded the severity level of both CVEs to “HIGH.”

Read more on the OpenSSL blog here: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ 

Impact on Stamus Networks Customers

Stamus Networks includes OpenSSL in the operating system which is embedded in its Stamus Security Platform (SSP) as well in the ISO versions of its open source system, SELKS

In each of these systems, an earlier version of OpenSSL is installed. The vulnerabilities identified in the 1-November-2022  disclosure and CVE announcement do NOT impact this particular version of OpenSSL. 

Therefore, Stamus Security Platform and the ISO versions of SELKS are not susceptible to exploits against these vulnerabilities.

Users of the SELKS 7 Docker Compose package (which runs on the user’s host operating system environment) should make sure their host OS and associated applications are up to date and using a patched OpenSSL version.

If you have any questions or concerns about Stamus Security Platform, please contact Stamus Networks Support or your account manager.

SELKS users should engage the community on the Stamus Networks Discord Server here: https://discord.gg/dbaAcT6BF7

Detecting Attempted Exploits with Stamus Security Platform

Stamus Networks is working with its threat intelligence partners to develop mechanisms for detecting attempted exploits of these vulnerabilities. We will notify our customers immediately as soon as we can share information on these solutions.
Stamus Networks Team

Stamus Networks Team

Schedule a Demo of Stamus Security Platform

REQUEST A DEMO

Related posts

In the Trenches with NDR: NDR Discovers Crypto Wallet Stealer on U.S. University's Network by Dallon Robinette

In the Trenches with NDR: NDR Discovers Crypto Wallet Stealer on U.S. University's Network

Tl:DR: A Large U.S. university lacked sufficient visibility into a large segment of its environment...

In the Trenches with NDR: K-12 School District Maximizes Visibility While Avoiding Alert Fatigue by Dallon Robinette

In the Trenches with NDR: K-12 School District Maximizes Visibility While Avoiding Alert Fatigue

TL;DR: An American school district needed to monitor over 5000 school-owned student devices, making...

In the Trenches with NDR: European MDR Designs Advanced NDR into Their Product Offering

In the Trenches with NDR: European MDR Designs Advanced NDR into Their Product Offering

TL;DR: A European managed security service provider seeking to launch an MDR service chose Stamus...

ABOUT STAMUS NETWORKS

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response. 

Indianapolis, USA Paris, France

Privacy

© 2014-2024 Stamus Networks, Inc. All rights Reserved.