Is PRTG affected by CVE-2022-0778? If so, is there a fix available?
Created on Mar 17, 2022 11:06:11 AM by
Is PRTG affected by CVE-2022-0778
Votes:
1
1 Reply
Accepted Answer
Votes:
0
This article applies to PRTG 22.1.75.1569(+) and earlier versions.
In response to the vulnerability in the OpenSSL library, we at Paessler can confirm that our software Paessler PRTG Network Monitor, Paessler PRTG Enterprise Monitor and Paessler PRTG Hosted Monitor do use the affected OpenSSL version described in CVE-2022-0778.
On March 24th, 2022 we released PRTG 22.1.75.1588 that includes the OpenSSL update to version 1.0.2zd that patches the vulnerability. We recommend that you install the update as soon as possible via the Auto-Update feature of PRTG.
Additional Notes: The ITOpsboard for users of PRTG Enterprise Monitor is not affected.
Possible Impact and Mitigation Steps:
The vulnerability can be abused to perform a DoS (denial of service) attack by using a specifically crafted certificate in TLS connections acting as server or client. An attacker can use this to impact the state of remote probes and the PRTG core server and, in the worst case, make them unreachable.
If you cannot update your systems, we recommend the following mitigation steps:
Monitor the status of the PRTG core server and the remote probe connections until you can install the update.
Created on Mar 17, 2022 11:53:05 AM by
Last change on Aug 8, 2022 8:17:01 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment