FortiSIEM Discussions
SunatP
New Contributor

CVE-2021-3712 found on FortiSIEM Linux Agent

Hi guys,

 

TL;DR: I have found CVE-2021-3712 in this file: /opt/fortinet/fortisiem/linux-agent/lib64/libcrypto.so.1.1.1k

I need to do some patching or apply some workaround that resolves this CVE. (This is the CVE that I've found.)

 

I have a doubt: can the FortiSIEM Linux Agent be installed at a higher version than the Collector?

For example, I have Collector version 7.1.7 and I would like to install a higher version of the Agent. Would that be possible?

 

Regards,

3 REPLIES
aebadi
Staff

Hello, here is the Compatibility Matrix: Linux agent 5.3.0 - 7.1.7
FortiSIEM Version Compatibility for Rocky Linux Based Releases | FortiSIEM 7.1.7 | Fortinet Document...

RHEL/ROCKY backpatch has CVE-2021-3712 already patched
>>>>>> so vulnerability is false positive here. <<<<<<<<
# rpm -q --changelog openssl-1.1.1k-12.el8_9.x86_64 | grep -i 3712
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings

SunatP
New Contributor

Hi,

I have seen only openssl-1.1.1k on the lib; how can I make sure that it is patched as openssl-1.1.1k-12?

SunatP
New Contributor

Hi,

Another question: as far as I know, openssl-1.1.1k-12.el8_9.x86_64 is as below:

- Package Version 1.1.1k

- Package Release 12.el8_9
But after installing, why do I only see openssl-1.1.1k and not the full name of the package file?

 

Regards,
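
The check discussed in this thread, as an added example that is not part of any post and is not Fortinet code: it asks the RPM database which package owns a library file, prints that package's version and release separately, and searches the package changelog for the exact CVE id. The function names and return codes are assumptions made for this example; it assumes an RPM-based host such as RHEL or Rocky Linux.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes an RPM-based host.

# Succeeds only if the changelog text on stdin names exactly this CVE id,
# so CVE-2021-3712 is not satisfied by a longer id such as CVE-2021-37120.
cve_in_changelog() {
    grep -Eiq "(^|[^0-9A-Za-z])$1([^0-9]|\$)"
}

# check_file_cve FILE CVE-ID
# Return codes: 0 = owning package's changelog lists the CVE
#               1 = owning package found, CVE not listed
#               2 = file not owned by any RPM (changelogs say nothing about it)
#               3 = rpm not available, 64 = malformed CVE id
check_file_cve() {
    file=$1
    cve=$2
    command -v rpm >/dev/null 2>&1 || { echo "ERROR rpm not found"; return 3; }
    printf '%s\n' "$cve" | grep -Eqx 'CVE-[0-9]{4}-[0-9]{4,}' ||
        { echo "ERROR bad CVE id"; return 64; }
    # The release (for example 12.el8_9) is stored in the RPM database; the
    # library file name carries only the upstream version.
    if ! nvra=$(rpm -qf --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' "$file" 2>/dev/null); then
        echo "UNOWNED file=$file"
        return 2
    fi
    # If several packages own the file, only the first is checked.
    set -- $(printf '%s\n' "$nvra" | head -n 1)
    if rpm -q --changelog "$1-$2-$3.$4" | cve_in_changelog "$cve"; then
        echo "LISTED package=$1 version=$2 release=$3 cve=$cve"
    else
        echo "NOT-LISTED package=$1 version=$2 release=$3 cve=$cve"
        return 1
    fi
}

# Usage: sh check_file_cve.sh /path/to/library.so CVE-YYYY-NNNN
if [ "$#" -eq 2 ]; then
    check_file_cve "$1" "$2"
fi
```

A LISTED result describes only the package that owns the file passed in; an UNOWNED result means the RPM changelog of another package cannot be used as evidence for that copy of the library.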