OpenSSL Critical Vulnerability

Posted on November 1, 2022 by carlagajdecki

UPDATED NOVEMBER 2:

N-able is aware OpenSSL.org released two vulnerabilities (CVE-2022-3602 and CVE-2022-3786) that affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7.

After thorough investigation, our team has determined N-able’s products are not impacted by this vulnerability.

ORIGINAL POST NOVEMBER 1:

N-able is aware for the first time in 10 years, OpenSSL.org released details of two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.

The vulnerabilities (CVE-2022-3602 and CVE-2022-3786affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7.

We are continuing to determine where OpenSSL exists in our products to determine our risk profile and upgrade the affected products as quickly as possible.

At this time we have determined the following products and solutions are not impacted by this vulnerability:

  • N-Central
  • Mail

We continue to investigate this potential vulnerability and will continue to update this list.

This entry was posted in Backup (N-central), Backup (RMM), Cloud User Hub, Cove Data Protection, Cove Data Protection release notes, Cove Data Protection service updates, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, N-sight, Passportal, Risk Intelligence, Security Notices, Take Control. Bookmark the permalink.