Hello,
after upgrade of our computers, FortiClient reports this issues on OpenSSL inside Veeam Agent.
OpenSSL AES-XTS cipher decryption Denial of Service Vulnerability
C:\Program Files\Common Files\Veeam\OpenSSL3\Win32\openssl.exe
C:\Program Files\Common Files\Veeam\OpenSSL3\x64\openssl.exe
OpenSSL CVE-2023-2975 Authentication Bypass Vulnerability
C:\Program Files\Common Files\Veeam\OpenSSL3\Win32\openssl.exe
C:\Program Files\Common Files\Veeam\OpenSSL3\x64\openssl.exe
OpenSSL CVE-2023-3817 Denial of Service Vulnerability
C:\Program Files\Common Files\Veeam\OpenSSL3\Win32\openssl.exe
C:\Program Files\Common Files\Veeam\OpenSSL3\x64\openssl.exe
etc. 12 total for OpenSSL 3.0.8.
Is there any plan to upgrade OpenSSL inside Agent? Current version 13.0.1.120
-
hasoft
- Novice
- Posts: 9
- Liked: 1 time
- Joined: Sep 29, 2018 10:19 am
- Full Name: Zdenek Vasku
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 32895
- Liked: 8052 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Veeam Agent OpenSSL vulnerabilities
Please note that we're using FIPS-certified versions of OpenSSL only, so it's not a simple "upgrade to the latest OpenSSL version" for us, we need to wait for a later version to get certified first.
Who is online
Users browsing this forum: Amazon [Bot] and 4 guests