On May 3 2022, OpenSSL published a security advisory disclosing a command injection vulnerability in the c_rehash script included with the library. Some operating systems automatically execute this script as a part of normal operations which could allow an attacker to execute arbitrary commands with elevated privileges.
WatchGuard is investigating its product line to determine which products or cloud services may be affected by this vulnerability.
|Mitigated via automatically applied security updates
|Cloud Wi-Fi APs
|Dimension automatically installs security updates and has updated OpenSSL to a non-vulnerable version
|DNSWatch engineering deployed a fix to mitigate CVE-2022-1292 in our cloud environment