PSIRT

OpenSSL Security Advisory [26 Jan 2017]

Summary

The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as listed below:Â

CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Affected Products

FortiOS versions 5.4.5 and below are impacted by CVEs:
CVE-2017-3732
CVE-2016-7055
FortiAnalyzer versions 5.4.2 and below are impacted by CVEs:
CVE-2017-3731
CVE-2017-3732
FortSwitch versions 3.5.2 and below are impacted by CVEs:
CVE-2017-3731
CVE-2017-3732
CVE-2016-7055
FortiAP versions 5.4.2 and below are potentially impacted by these CVEs:
CVE-2017-3731
CVE-2016-7055

Solutions

For FortiOS: Upgrade to firmware version at least 5.4.6, 5.6.0 For FortiAnalyzer: Upgrade to firmware version at least 5.4.3 or 5.6.0 For FortiSwitch: Upgrade to firmware version at least 3.5.3 or 3.6.0 For FortiAP: Upgrade to firmware version at least 5.4.3 or 5.6.0

References

https://www.openssl.org/news/secadv/20170126.txt

IR Number	FG-IR-17-019
Date	Jul 13, 2018
Severity	Medium
CVSSv3 Score	5.3
Impact	Denial of Service
CVE ID	CVE-2016-7055 CVE-2017-3730 CVE-2017-3731 CVE-2017-3732
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

OpenSSL Security Advisory [26 Jan 2017]

Summary

Affected Products

Solutions

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

OpenSSL Security Advisory [26 Jan 2017]

Summary

Affected Products

Solutions

References

Threat Intelligence
Center