OpenSSL Certificate Processing DoS Vulnerability (CVE-2022-0778)
Advisory ID
WGSA-2022-00011
CVE
CVE-2022-0778
Impact
High
Status
Acknowledged
Product Family
Firebox,
Endpoint,
WatchGuard Cloud,
Dimension,
Other Software,
Secure Wi-Fi
Published Date
Updated Date
Workaround Available
True
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On 15 March 2022, OpenSSL disclosed CVE-2022-0778, a bug in the BN_mod_sqrt() function responsible for calculating a modular square root, that could cause it to loop forever by crafting a certificate with invalid elliptic curve parameters. An attacker could exploit this vulnerability to trigger a Denial of Service attack against a vulnerable process.
Affected
| Product | Affected Version(s) |
|---|---|
| Firebox | Fireware OS before 12.8_U1, 12.5.9_U2, 12.1.3_U8 |
| WSM | Releases before 12.8 build 656510 |
| Dimension | Mitigated via automatically applied security updates |
| TDR | Releases before 6.0.4.12045 |
| Cloud Wi-Fi APs | Not Impacted |
| DNSWatch | Not Impacted |
| Endpoint | Investigating |
Resolution
| Product | Fixed Version(s) |
|---|---|
| Firebox | Fireware OS 12.8_U1, 12.5.9_U2, 12.1.3_U8 |
| WSM | 12.8 build 656510 |
| Dimension | Mitigated via automatically applied security updates |
| TDR | 6.0.4.12045 |
Advisory Product List
Product Family
Product Branch
Product List
Firebox
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
Firebox
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
Firebox
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
Firebox
XTMv
Small,
Medium,
Large,
Datacenter
Firebox
FireboxV
Small,
Medium,
Large,
XLarge
Firebox
FireboxCloud
Small,
Medium,
Large,
XLarge
Endpoint
Panda Dome
Essential,
Advanced,
Complete,
Premium
Endpoint
Panda AD360
AD360
Endpoint
WatchGuard EPDR
EPP,
EDR,
EPDR
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
DNSWatch
DNSWatch
Dimension
Dimension
Dimension
Other Software
WatchGuard System Manager (WSM)
WSM
Other Software
SSL VPN
SSL VPN
Other Software
IPSec VPN
IPSec VPN
Other Software
SSO Exchange Monitor
SSO Exchange Monitor
Other Software
Terminal Services Agent
TS Agent
Other Software
TDR Host Sensor
TDR Host Sensor
Other Software
SSO Client
SSO Client
Other Software
AuthPoint (iOS)
AuthPoint (iOS)
Other Software
AuthPoint (Android)
AuthPoint (Android)
Other Software
Authentication Gateway
Authentication Gateway
Other Software
AuthPoint (Windows)
AuthPoint (Windows)
Other Software
AuthPoint (macOS)
AuthPoint (macOS)
Other Software
Mobile VPN License Sever (MVLS)
MVLS
Secure Wi-Fi
Wi-Fi 6
AP130,
AP330,
AP430CR,
AP432
Secure Wi-Fi
Wi-Fi 4 & 5
AP322,
AP420,
AP125,
AP225W,
AP325,
AP327X