Security News > 2020 > December > DHS-CISA urges admins to patch OpenSSL DoS vulnerability
2020-12-09 12:25
U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately.
OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.
Another place where GENERAL NAME cmp function is being used in OpenSSL is when comparing the timestamp response token signer to the timestamp authority name.
Reported on November 9th, 2020, by David Benjamin of Google, this vulnerability impacts all versions of OpenSSL 1.0.2 and 1.1.1.
This is perhaps why CISA has issued a security advisory for CVE-2020-1971 prompting server admins to immediately upgrade their OpenSSL instances.
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |