CVE-2022-3602 and CVE-2022-3786: Is DX NetOps vulnerable to the OpenSSL v3 Vulnerability?
book
Article ID: 253304
calendar_today
Updated On:
Products
CA SpectrumDX NetOpsCA Virtual Network AssuranceCA Performance Management - Usage and AdministrationCA Network Flow Analysis (NetQos / NFA)CA Mediation Manager
Issue/Introduction
CVE-2022-3602 and CVE-2022-3786 were published by OpenSSL on November 1st, 2022.
Environment
Only versions 3.0+ of OpenSSL are affected.
Resolution
Not Affected or does not use component:
DX NetOps NFA - Ships 1.1.1l
DX NetOps Spectrum - Ships 1.1.1g
DX NetOps CAMM - utilizes the openssl version installed on the operating system. If the version is found vulnerable, it needs to be updated manually by the customer. DX Netops CAMM does not ship OpenSSL.