CVE-2022-0778 vulnerability issue

Mark_Feng · ‎03-19-2022

Vul of CVE-2022-0778 found at 2022-03-15 (https://www.openssl.org/news/secadv/20220315.txt),

The openssl version is affects :1.0.2, 1.1.1 and 3.0

It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.

OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers only)

OpenSSL 1.1.1 users should upgrade to 1.1.1n

OpenSSL 3.0 users should upgrade to 3.0.2

Does Forti Product is affected by this Vul ?

Stelios_FTNT · ‎04-04-2022

PSIRT Advisory has been published:
https://fortiguard.fortinet.com/psirt/FG-IR-22-059

View solution in original post

sharmaj · ‎03-19-2022

Hi,

Fortinet related products I believe are not directly affected by this.

However, if you are working with Certificate based authentication on SSL VPN, you might still be open to vulnerabilities

Suggestion would be to go with upgrade of OpenSSL as mentioned in order to avoid this .

Jay sharma

Mark_Feng · ‎03-20-2022

Thanks for your reply.

Will Fortinet make a PSIRT about it?

sharmaj · ‎03-20-2022

If this vulnerability is found to be affecting Fortinet related products, then the advisory will be released pertaining to that

Jay sharma

Stelios_FTNT · ‎04-04-2022

PSIRT Advisory has been published:
https://fortiguard.fortinet.com/psirt/FG-IR-22-059

MarthaRich · ‎04-14-2022

I want to know the solution for my CVE-2022-0778 vulnerability issue. And I am really very happy after finding your post. I was looking for business plans for starting a flower shop business and while searching for them online, I have found your post.