search cancel

CVE-2022-3602 and CVE-2022-3786: Is DX NetOps vulnerable to the OpenSSL v3 Vulnerability?

book

Article ID: 253304

calendar_today

Updated On:

Products

CA Spectrum DX NetOps CA Virtual Network Assurance CA Performance Management - Usage and Administration CA Network Flow Analysis (NetQos / NFA) CA Mediation Manager

Issue/Introduction

CVE-2022-3602 and CVE-2022-3786 were published by OpenSSL on November 1st, 2022.  

 

Environment

Only versions 3.0+ of OpenSSL are affected.

Resolution

 

Not Affected or does not use component:

  • DX NetOps NFA - Ships 1.1.1l
  • DX NetOps Spectrum - Ships 1.1.1g
  • DX NetOps CAMM - utilizes the openssl version installed on the operating system.  If the version is found vulnerable, it needs to be updated manually by the customer.  DX Netops CAMM does not ship OpenSSL.
  • DX NetOps CABI - Not Shipped
  • DX NetOps PM - Ships 1.0.2k-fips
  • DX NetOps Kafka - Not shipped
  • DX NetOps OI Connector - Not shipped
  • DX NetOps VNA - Not shipped

Additional Information

https://www.openssl.org/news/secadv/20221101.txt