The short answer is, yes you should be worried, CVE-2022-3602 is a severe vulnerability.īut, given the limited scope as well as high exploitation complexity the risk is significantly reduced. OpenSSL offers an open-source application of TLS and allows users to perform actions on SSL certificates. OpenSSL is a commonly used library that provides cryptographic protocols and secure communications to applications over the internet. Technical details regarding both vulnerabilities can be found at the bottom of this post. In this blog post, we will provide some background information regarding both vulnerabilities, their impact, and recommended mitigation and remediation measures. ![]() Īccording to the OpenSSL team, although in the pre-announcement, CVE-2022-3602 was categorized as CRITICAL, further analysis based on some of the mitigating factors available led this to be downgraded to HIGH. ![]() In the official security advisory released today by the OpenSSL project team, two different vulnerabilities were announced, none of which is critical: CVE-2022-3602 and CVE-2022-3786.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |