CVE-2022-0778 OpenSSL infinite loop vulnerability

cancel
Showing results for 
Search instead for 
Did you mean: 

CVE-2022-0778 OpenSSL infinite loop vulnerability

L3 Networker

CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (paloaltonetworks.com)

 

Further to this one, it mentions that Globalprotect is affected but doesnt say whether a client software update is required.

Do you know if the Globalprotect client will need updating?

1 REPLY 1

L4 Transporter

The CVE says they are working on "fixes to remove the vulnerable code from our PAN-OS, GlobalProtect app, and Cortex XDR agent", so i am expecting GP client software as well as the PANOS. But yeah... kind of left us hanging in the initial CVE release saying to update to the "-hf" release... which doesn't exist yet, then later updating the CVE to "ETA April '22".

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!