How to address CVE-2022-37026 vulnerability in Expedition



Expedition is vulnerable to CVE-2022-37026. Details of the vulnerability:

In Erlang/OTP before, 24.x before, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.



Run the following command in the Expedition CLI:

$apt list --installed | grep erlang 

The result will show that the installed erlang package is v22.x, which is vulnerable to the CVE.



Summary: Run the commands below in the Expedition CLI to add the new repositories and upgrade the two packages to the stated versions:


rabbitmq-server: 3.11.4-1
erlang: 25.0.4



$sudo -su root

$service mysql stop

$apt-get remove rabbitmq-server && apt-get purge rabbitmq-server

$apt-get remove erlang && apt-get purge erlang

$apt autoremove

$apt install wget

$wget -O- | sudo apt-key add -

$echo "deb focal contrib" | sudo tee /etc/apt/sources.list.d/erlang-solution.list

$curl -s | sudo bash

$apt-get install rabbitmq-server

$apt autoremove

$apt purge

$service mysql start


Verify that the two packages have been updated to the required versions with the commands below:


$apt list --installed | grep erlang 

$apt list --installed | grep rabbitmq-server
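
To check the verification output against the target versions above instead of reading it by eye, the following script (an added example, not part of the original article) parses `apt list --installed` output and flags any erlang* or rabbitmq-server package below erlang 25.0.4 or rabbitmq-server 3.11.4-1. The function names and sample lines are constructed for illustration, and it assumes every erlang* package carries the OTP release as its upstream version.

```shell
# Added example: audit `apt list --installed` output against this article's targets.
ERLANG_MIN=25.0.4      # erlang target stated in the article
RABBITMQ_MIN=3.11.4    # upstream part of rabbitmq-server 3.11.4-1

# Strip the Debian epoch ("1:") and any "-revision" or "+dfsg" suffix.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%[-+]*}"
}

# Succeed when dotted version $1 >= $2; fields compare numerically, so 3.9.13 < 3.11.4.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }' </dev/null
}

# Read `apt list --installed` lines on stdin; return 1 if any package is below target.
audit_packages() {
    rc=0
    while read -r name_suite version _rest; do
        name=${name_suite%%/*}
        case $name in
            erlang*)         min=$ERLANG_MIN ;;
            rabbitmq-server) min=$RABBITMQ_MIN ;;
            *)               continue ;;   # header line and unrelated packages
        esac
        if version_ge "$(upstream_version "$version")" "$min"; then
            echo "OK       $name $version"
        else
            echo "OUTDATED $name $version (target >= $min)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of a pre-upgrade host (not captured from a real system).
sample_before() {
    echo 'Listing...'
    echo 'erlang-base/focal,now 1:22.2.7+dfsg-1 amd64 [installed]'
    echo 'rabbitmq-server/focal,now 3.8.2-1 all [installed]'
}
sample_before | audit_packages || echo "upgrade still required"
```

On the Expedition host, pipe the real output in with `apt list --installed 2>/dev/null | audit_packages`.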

