Is Symantec Endpoint Protection Manager 14.3 RU6 affected by CVE-2022-40735 and CVE-2022-20001

Article ID: 272170

Products

Endpoint Protection

Issue/Introduction

Is Symantec Endpoint Protection Manager (SEPM) 14.3 RU6 affected by the CVEs below?
 
CVE-2022-40735
CVE-2022-20001

Environment

Symantec Endpoint Protection Manager 14.3 RU6

Resolution

There is a potential for impact. SEPM uses services that allow remote clients to communicate using DHE (ephemeral Diffie-Hellman) key exchange. A configuration change can be implemented to mitigate this vulnerability.

Apache httpd

Navigate to <SEPM>\apache\conf\ssl.  In "ssl.conf" and "sslForClients.conf", locate the lines:
 
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!3DES:!RC4:!kDH:!SHA1
 
And replace with the string below:
 
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!3DES:!RC4:!kDH:!SHA1:!kDHE
SSLOpenSSLConfCmd Groups x25519:secp256r1

 

Tomcat

Locate the files <SEPM>\tomcat\conf\server.xml and <SEPM>\tomcat\instances\sepm-api\conf\server.xml.

Locate the two cipher configuration strings:

HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!3DES:!RC4:!kDH:!SHA1
 
And replace with the string below:
 
HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!3DES:!RC4:!kDH:!SHA1:!kDHE
 

After the change is applied, restart the following services:

The Symantec Endpoint Protection Manager service
The Symantec Endpoint Protection Manager Webserver service
The Symantec Endpoint Protection Manager API service
 

Note: Cipher changes to Apache may affect browsers opening reporting pages, since older browsers and operating systems may support only a limited set of ciphers.
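One way to confirm that the edits above are present in every file before restarting the services. This is an added example, not Broadcom's code. The function names and sample inputs are constructed for illustration, and it assumes the Tomcat cipher strings sit in a ciphers="..." attribute.

```python
import re

REQUIRED = "!kDHE"           # exclusion the article appends to each cipher string
GROUPS = "x25519:secp256r1"  # value the article sets via SSLOpenSSLConfCmd Groups
OLD = "HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!3DES:!RC4:!kDH:!SHA1"  # pre-change string

def _blank_xml_comments(text):
    # Replace <!-- ... --> with its own newlines so reported line numbers stay valid.
    return re.sub(r"<!--.*?-->", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)

def audit(text, apache):
    """Return findings for one config file's text; an empty list means it matches the article."""
    findings, groups_seen, cipher_seen = [], None, False
    for no, raw in enumerate(_blank_xml_comments(text).splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        specs, parts = [], line.split()
        name = parts[0].lower()
        if apache and name == "sslciphersuite" and len(parts) > 1:
            specs = [parts[-1].strip('"')]  # an optional protocol token may precede the list
        elif apache and name == "sslopensslconfcmd" and len(parts) == 3 and parts[1].lower() == "groups":
            groups_seen = parts[2]
        elif not apache:
            # Assumption: Tomcat holds the string in a ciphers="..." attribute.
            specs = re.findall(r'\bciphers\s*=\s*"([^"]*)"', line)
        for spec in specs:
            cipher_seen = True
            # Compare whole tokens so that "!kDH" is never mistaken for "!kDHE".
            if REQUIRED not in re.split(r"[:, ]+", spec):
                findings.append(f"line {no}: cipher string lacks {REQUIRED}")
    if not cipher_seen:
        findings.append("no cipher string found")
    if apache and groups_seen != GROUPS:
        findings.append(f"SSLOpenSSLConfCmd Groups is {groups_seen!r}, expected {GROUPS!r}")
    return findings

# Constructed sample inputs, not copied from a real SEPM installation.
APACHE_BEFORE = f"# sample\nSSLCipherSuite {OLD}\n"
APACHE_AFTER = f"SSLCipherSuite {OLD}:{REQUIRED}\nSSLOpenSSLConfCmd Groups {GROUPS}\n"
TOMCAT_PARTIAL = (
    f'<Connector SSLEnabled="true" ciphers="{OLD}:{REQUIRED}" />\n'
    f'<!-- <Connector ciphers="{OLD}" /> -->\n'
    f'<Connector SSLEnabled="true" ciphers="{OLD}" />\n'
)

if __name__ == "__main__":
    for label, text, apache in [("apache before", APACHE_BEFORE, True),
                                ("apache after", APACHE_AFTER, True),
                                ("tomcat partial", TOMCAT_PARTIAL, False)]:
        print(label, audit(text, apache) or "OK")
```

To check a real installation, read each of the four files named above and pass apache=True for ssl.conf and sslForClients.conf, and apache=False for the two server.xml files.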