OpenSSL CVE-2022-3602 and CVE-2022-3786
Advisory ID
WGSA-2022-00021
CVE
CVE-2022-3602, CVE-2022-3786
Impact
High
Status
Not Applicable
Product Family
Firebox,
Endpoint,
WatchGuard Cloud,
Dimension,
Other Software,
Secure Wi-Fi
Published Date
Updated Date
Workaround Available
True
CVSS Score
9.0
CVSS Vector
TBD
Summary
Updated 2 November 2022, 12:22 PDT: Added response for Endpoint products
On 1 November 2022, OpenSSL disclosed CVE-2022-3602 and CVE-2022-3786, two high severity buffer overflow vulnerabilities in certificate validation present in OpenSSL 3.0.x up to and including 3.0.6. An attacker could exploit either vulnerability with a maliciously-crafted certificate that has been signed by a trusted certificate authority.
Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors have led this to be downgraded to HIGH.
Affected
| Product | Affected Version(s) | Note |
|---|---|---|
| Firebox | Not Impacted | The Firebox does not use a vulnerable version of OpenSSL |
| WSM | Not Impacted | WSM does not use a vulnerable version of OpenSSL |
| Dimension | Not Impacted | Dimension does not use a vulnerable version of OpenSSL |
| Cloud Wi-Fi APs | Not Impacted | WatchGuard APs do not use a vulnerable version of OpenSSL |
| Endpoint | Not Impacted | WatchGuard EPDR and Panda AD360 do not use a vulnerable version of OpenSSL |
Resolution
| Product | Affected Version(s) | Note |
|---|---|---|
| Firebox | Not Impacted | The Firebox does not use a vulnerable version of OpenSSL |
| WSM | Not Impacted | WSM does not use a vulnerable version of OpenSSL |
| Dimension | Not Impacted | Dimension does not use a vulnerable version of OpenSSL |
| Cloud Wi-Fi APs | Not Impacted | WatchGuard APs do not use a vulnerable version of OpenSSL |
| Endpoint | Not Impacted | WatchGuard EPDR and Panda AD360 do not use a vulnerable version of OpenSSL |
Advisory Product List
Product Family
Product Branch
Product List
Firebox
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
Firebox
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
Firebox
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
Firebox
FireboxV
Small,
Medium,
Large,
XLarge
Firebox
XTMv
Small,
Medium,
Large,
Datacenter
Firebox
FireboxCloud
Small,
Medium,
Large,
XLarge
Endpoint
Panda Dome
Essential,
Advanced,
Complete,
Premium
Endpoint
Panda AD360
AD360
Endpoint
WatchGuard EPDR
EPP,
EDR,
EPDR
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
Dimension
Dimension
Dimension
Other Software
WatchGuard System Manager (WSM)
WSM
Secure Wi-Fi
Wi-Fi 6
AP130,
AP330,
AP430CR,
AP432
Secure Wi-Fi
Wi-Fi 4 & 5
AP322,
AP420,
AP125,
AP225W,
AP325,
AP327X