Is Symantec Endpoint Protection Manager (SEPM) affected by the following OpenSSL vulnerabilities?
Symantec Endpoint Protection Manager 14.3.x
The Symantec Endpoint Protection Manager is NOT affected by the below CVEs:
| CVE | Assessment | Mitigation | Notes (internal) |
| --- | --- | --- | --- |
| CVE-2023-5363 Vulnerability | Not vulnerable | The issue does not affect FIPS, and 3.0.9 is used by FIPS only | |
| CVE-2023-4807 Denial of Service Vulnerability | Not vulnerable | None | No impact since we are using the x86 version of OpenSSL. |
| CVE-2023-3817 Denial of Service Vulnerability | Not vulnerable | DH_check(), DH_check_ex() and EVP_PKEY_param_check() are not used by SEPM and its components | |
| CVE-2023-2975 Authentication Bypass Vulnerability | Not vulnerable | SEPM Apache does not use that specific cipher | |
| CVE-2023-6129 Out of Bounds Write Vulnerability | Not vulnerable | OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0 are vulnerable to this issue. The FIPS provider is not affected because the POLY1305 MAC algorithm is not FIPS approved and the FIPS provider does not implement it. https://www.openssl.org/news/secadv/20240109.txt | |