Is the ProxySG or the ASG vulnerable to CVE-2018-0737?

book

Article ID: 171937

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You want to know if your ProxySG or Advanced Secure Gateway (ASG) is vulnerable to CVE-2018-0737.

Resolution

SGOS versions 6.5, 6.6, and 6.7 have the vulnerable OpenSSL code identified in CVE-2018-0737, but are not vulnerable to known vectors of attack. Exploiting the vulnerability would require executing arbitrary code on the appliance, which the ProxySG/ASG does not allow.