This article applies to PRTG 22.1.75.1569(+) and earlier versions.
In response to the vulnerability in the OpenSSL library, we at Paessler can confirm that our software Paessler PRTG Network Monitor, Paessler PRTG Enterprise Monitor and Paessler PRTG Hosted Monitor do use the affected OpenSSL version described in CVE-2022-0778.
On March 24th, 2022, we released PRTG 22.1.75.1588, which includes the OpenSSL update to version 1.0.2zd that patches the vulnerability. We recommend that you install the update as soon as possible via the Auto-Update feature of PRTG.
Additional Notes: The ITOpsboard for users of PRTG Enterprise Monitor is not affected.
Possible Impact and Mitigation Steps:
The vulnerability can be abused to perform a denial of service (DoS) attack by using a specially crafted certificate in TLS connections acting as server or client. An attacker can use this to impact the state of remote probes and the PRTG core server and, in the worst case, make them unreachable.
If you cannot update your systems, we recommend the following mitigation steps:
Monitor the status of the PRTG core server and the remote probe connections until you can install the update.
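A fleet check built from the two version numbers in this advisory, as an added example (not Paessler's code): it flags installations older than 22.1.75.1588 and installations that still bundle a 1.0.2-branch OpenSSL older than 1.0.2zd. The inventory rows, the host names and the idea of recording the bundled OpenSSL version next to the PRTG version are assumptions.

```python
import re

FIXED_PRTG = (22, 1, 75, 1588)   # first PRTG build with the fix, per the advisory
FIXED_OPENSSL = "1.0.2zd"        # OpenSSL version shipped in that build, per the advisory


def parse_prtg(version):
    """'22.1.75.1569+' -> (22, 1, 75, 1569). A trailing '+' or '(+)' is ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\+|\(\+\))?", version.strip())
    if m is None:
        raise ValueError(f"unrecognised PRTG version: {version!r}")
    return tuple(map(int, m.groups()))


def parse_openssl(version):
    """'1.0.2zd' -> (1, 0, 2, 30). Patch letters: none=0, a..z=1..26, za=27, zb=28, ..."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(z*[a-z]?)", version.strip())
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    level = sum(ord(c) - ord("a") + 1 for c in m.group(4))
    return (*map(int, m.groups()[:3]), level)


def needs_update(prtg_version, openssl_version=None):
    """True when the build predates the fix or still bundles an older 1.0.2 OpenSSL."""
    if parse_prtg(prtg_version) < FIXED_PRTG:
        return True
    if openssl_version is not None:
        found, fixed = parse_openssl(openssl_version), parse_openssl(FIXED_OPENSSL)
        # Only compare inside the 1.0.2 branch that the advisory names.
        return found[:3] == fixed[:3] and found < fixed
    return False


# Constructed inventory (hypothetical hosts and values), e.g. from an asset export.
INVENTORY = [
    ("core-01", "22.1.75.1569+", "1.0.2u"),
    ("probe-berlin", "22.1.75.1588", "1.0.2zd"),
    ("probe-lab", "22.1.75.1588", "1.0.2zc"),   # updated build, stale library on disk
    ("probe-old", "21.4.73.1000", None),
]


def triage(inventory):
    """Return the hosts that still need the update, in inventory order."""
    return [host for host, prtg, ossl in inventory if needs_update(prtg, ossl)]


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: install PRTG 22.1.75.1588 or later")
```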