Is PRTG affected by CVE-2022-0778

Votes:

1

Is PRTG affected by CVE-2022-0778? If so, is there a fix available?

cve-2022-0778 openssl prtg sleepyopenssl

Created on Mar 17, 2022 11:06:11 AM by  Felix Saure [Paessler Support]



1 Reply

Accepted Answer

Votes:

0

This article applies to PRTG 22.1.75.1569(+) and earlier versions.


In response to the vulnerability in the OpenSSL library, we at Paessler can confirm that our software Paessler PRTG Network Monitor, Paessler PRTG Enterprise Monitor and Paessler PRTG Hosted Monitor do use the affected OpenSSL version described in CVE-2022-0778.

On March 24th, 2022 we released PRTG 22.1.75.1588 that includes the OpenSSL update to version 1.0.2zd that patches the vulnerability. We recommend that you install the update as soon as possible via the Auto-Update feature of PRTG.


Additional Notes: The ITOpsboard for users of PRTG Enterprise Monitor is not affected.


Possible Impact and Mitigation Steps:

The vulnerability can be abused to perform a DoS (denial of service) attack by using a specifically crafted certificate in TLS connections acting as server or client. An attacker can use this to impact the state of remote probes and the PRTG core server and, in the worst case, make them unreachable.

If you cannot update your systems, we recommend the following mitigation steps:

Monitor the status of the PRTG core server and the remote probe connections until you can install the update.


Created on Mar 17, 2022 11:53:05 AM by  Felix Saure [Paessler Support]

Last change on Aug 8, 2022 8:17:01 AM by  Sebastian Kniege [Paessler Support]
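
A check against the fixed versions named in the answer above, added here as an example and not Paessler's code: it sorts an inventory of core servers and remote probes into hosts that still need the update (and so the interim monitoring) and hosts whose version could not be read. The host names, the inventory rows and the function names are constructed for illustration, and numeric ordering of PRTG version components is an assumption.

```python
import re

# Fixed releases as stated in the article above.
PRTG_FIXED = (22, 1, 75, 1588)
OPENSSL_102_FIXED_LETTERS = "zd"  # OpenSSL 1.0.2zd

def parse_prtg(version):
    """'22.1.75.1569+' or '22.1.75.1569(+)' -> (22, 1, 75, 1569)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\+|\(\+\))?\s*", version)
    if not m:
        raise ValueError(f"not a PRTG version string: {version!r}")
    return tuple(int(g) for g in m.groups())

def prtg_is_patched(version):
    # Assumption: PRTG versions order numerically, component by component.
    return parse_prtg(version) >= PRTG_FIXED

def openssl_102_is_patched(version):
    """1.0.2 letter releases run a..z, then za, zb, ...; plain string
    comparison of the suffix preserves that order ('' < 'u' < 'z' < 'zd')."""
    m = re.fullmatch(r"\s*1\.0\.2([a-z]*)\s*", version)
    if not m:
        raise ValueError(f"not an OpenSSL 1.0.2 version: {version!r}")
    return m.group(1) >= OPENSSL_102_FIXED_LETTERS

# Constructed sample inventory: hypothetical hosts and version strings.
INVENTORY = [
    ("core-01", "core server", "22.1.75.1569+"),
    ("probe-a", "remote probe", "22.1.75.1588"),
    ("probe-b", "remote probe", "21.4.73.1656"),
    ("probe-c", "remote probe", "unknown"),
]

def triage(inventory):
    """Return (hosts below the fixed build, hosts with unreadable versions)."""
    needs_update, unknown = [], []
    for host, _role, version in inventory:
        try:
            if not prtg_is_patched(version):
                needs_update.append(host)
        except ValueError:
            unknown.append(host)  # treat as unpatched until verified by hand
    return needs_update, unknown

if __name__ == "__main__":
    needs_update, unknown = triage(INVENTORY)
    print("update and keep monitoring:", needs_update)
    print("version unreadable, check by hand:", unknown)
```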




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.