ExtraHop and the Critical OpenSSL vulnerability

ExtraHop appliances do not use the affected version of OpenSSL and are not vulnerable.

ExtraHop is investigating the vulnerability for ways to detect attacks.

This thread may be updated as more details arrive.

2 Likes

Per this blog entry, OpenSSL has lowered the rating of the two vulnerabilities CVE-2022-3786 and CVE-2022-3602 from Critical to High.

ExtraHop EDA sensors connected to ExtraHop cloud services will receive an update soon that will let EDA appliances identify OpenSSL 3.0.x clients.

A Threat Briefing will also be delivered to help identify vulnerable devices.

1 Like