PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602
Informational
Description
The OpenSSL Project has published two high severity vulnerabilities CVE-2022-3786 and CVE-2022-3602 that affect OpenSSL versions 3.0.0 through 3.0.6 on November 1st, 2022.
The Palo Alto Networks Product Security Assurance team has evaluated and confirmed that all products and services are not impacted by these vulnerabilities.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| AutoFocus | None | all |
| Bridgecrew | None | all |
| Cloud NGFW | None | all |
| Cortex Data Lake | None | all |
| Cortex XDR | None | all |
| Cortex XDR Agent | None | all |
| Cortex Xpanse | None | all |
| Cortex XSOAR | None | all |
| Enterprise Data Loss Prevention | None | all |
| Exact Data Matching CLI | None | all |
| Expanse | None | all |
| Expedition Migration Tool | None | all |
| GlobalProtect App | None | all |
| IoT Security | None | all |
| Okyo Garde | None | all |
| Palo Alto Networks App for Splunk | None | all |
| PAN-OS | None | all |
| Prisma Access | None | all |
| Prisma Cloud | None | all |
| Prisma Cloud Compute | None | all |
| Prisma SD-WAN (CloudGenix) | None | all |
| Prisma SD-WAN ION | None | all |
| SaaS Security | None | all |
| User-ID Agent | None | all |
| WildFire Appliance (WF-500) | None | all |
| WildFire Cloud | None | all |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Solution
No software updates are required at this time.
NOTE: Cortex XDR Broker VM versions earlier than Cortex XDR Broker VM 17.4.1 contain an affected version of the OpenSSL 3.0 library but are not impacted. There are no scenarios in Cortex XDR Broker VM software that enable successful exploitation of these vulnerabilities. The OpenSSL 3.0 library has been removed from Cortex XDR Broker VM 17.4.1 and later versions for security assurance.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block known attacks for CVE-2022-3602 by enabling Threat ID 93212 (Applications and Threats content update 8638). This mitigation reduces the risk of exploitation from known exploits.
Frequently Asked Questions
Q. How can I find vulnerable versions of OpenSSL in my environment?
With Prisma Cloud, security teams can prepare to detect and patch vulnerable systems as soon as the fix is available. Prisma Cloud customers can apply controls to address this vulnerability across multiple stages in the application lifecycle, from the code to the cloud.
See https://www.paloaltonetworks.com/blog/prisma-cloud/prepare-openssl-vulnerability/ for more information.