CVE-2024-9143 security finding for Symantec VIP Enterprise gateway
search cancel

CVE-2024-9143 security finding for Symantec VIP Enterprise gateway

book

Article ID: 401409

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Please confirm the finding if its a false positive or there is a hotfix.  Appears we need to upgrade the third party libcrypto and openssl version.

NIST 800-53 Control(s): SI-2
CVSS Score: 4.3 (Medium)

Instance Detail:
Path             : /opt/Symantec/VIP_Enterprise_Gateway/Validation/bin/libcrypto.so.3
Reported version : 3.0.8
Fixed version    : 3.0.16

Path             : /opt/Symantec/VIP_Enterprise_Gateway/tools/openssl
Reported version : 3.0.8
Fixed version    : 3.0.16

CVE(s):
CVE-2024-9143 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143

Environment

VIP Enterprise Gateway

Release: 9.11

Resolution

Openssl version is upgraded to 3.4.0 version in VIP EG ( Enterprise gateway) 9.11.1 version. Upgrading to 9.11.1 version will address this vulnerability.

Powered by Wolken Software