On Tuesday, October 25 a new OpenSSL hot-fix release was announced which will patch a critical vulnerability that exists within the v3.0.X branch.
OpenSSL 3.0.7 will be released on Tuesday, November 1 and in tandem the details of the vulnerability and its associated CVE will be made public. (More Information: https://securityboulevard.com/2022/10/openssl-critical-vulnerability-should-you-be-spooked/)
Is Symantec VIP product vulnerable?
Enterprise Gateway 9.9.2 and before
Enterprise Gateway 9.10
Third party OpenSSL version 3.x
Enterprise Gateway 9.9.2 and below : Enterprise Gateway 9.9.2 and below uses OpenSSL 1.x and is not impacted by this vulnerability.
Enterprise Gateway 9.10: Enterprise gateway 9.10 uses OpenSSL 3.x and is currently under investigation and further information will be shared in this KB article.
VIP Cloud Components: VIP Cloud components do not use any version of OpenSSL and therefore not impacted.
The product team is looking into impact and what fixes/patches might be required. Please return back to this article for updates as more information is received.
Additional information on the CVE: