[CISCO-SA-OPENSSL-W9SDCC2A] Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
Severity
High
CVEs
2
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities:
CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow
CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow
For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022] ["https://www.openssl.org/news/secadv/20221101.txt"].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"]
- ID
- CISCO-SA-OPENSSL-W9SDCC2A
- Severity
- high
- URL
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
- Published
-
2022-10-28T16:00:00
(22 months ago) - Modified
-
2022-10-28T16:00:00
(22 months ago) - Rights
- Cisco Systems, Inc.
- Other Advisories
-
- ALPINE:CVE-2022-3602
- ALPINE:CVE-2022-3786
- ALSA-2022:7288
- ELSA-2022-10004
- ELSA-2022-7288
- ELSA-2022-9968
- FEDORA-2022-0f1d2e0537
- FEDORA-2022-502f096dce
- FREEBSD:0844671C-5A09-11ED-856E-D4C9EF517024
- GLSA-202211-01
- GLSA-202405-29
- MS:CVE-2022-3602
- MS:CVE-2022-3786
- RHSA-2022:7288
- RLSA-2022:7288
- RUSTSEC-2022-0064
- RUSTSEC-2022-0065
- SECADV-20221101-1
- SECADV-20221101-2
- SUSE-SU-2022:3843-1
- SUSE-SU-2022:4586-1
- USN-5710-1
- VU:794340
Source | # ID | Name | URL |
---|---|---|---|
Snort | 300306 | https://www.snort.org/advisories/talos-rules-2022-11-01 | |
Snort | 300307 | https://www.snort.org/advisories/talos-rules-2022-11-01 | |
Snort | 60790 | https://www.snort.org/rule_docs/1-60790 | |
Cisco | CSAF | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a/csaf/cisco-sa-openssl-W9sdCc2a.json |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |