search cancel

VIP OpenSSL critical vulnerability that exists within the v3.0.X branch - CVE-2022-3786 | CVE-2022-3602


Article ID: 253383


Updated On:


VIP Service


On Tuesday, October 25 a new OpenSSL hot-fix release was announced which will patch a critical vulnerability that exists within the v3.0.X branch. 

OpenSSL 3.0.7 will be released on Tuesday, November 1 and in tandem the details of the vulnerability and its associated CVE will be made public. (More Information:

Is Symantec VIP product vulnerable?


Enterprise Gateway 9.9.2 and before

Enterprise Gateway 9.10 


Third party OpenSSL version 3.x


Enterprise Gateway 9.9.2 and below : Enterprise Gateway 9.9.2 and below uses OpenSSL 1.x and is not impacted by this vulnerability.

Enterprise Gateway 9.10:   Enterprise gateway 9.10 uses OpenSSL 3.x and is currently under investigation and further information will be shared in this KB article.

VIP Cloud Components:  VIP Cloud components do not use any version of OpenSSL and therefore not impacted.

The product team is looking into impact and what fixes/patches might be required.  Please return back to this article for updates as more information is received.

Additional Information

Additional information on the CVE:

Broadcom Security Advisory