Security News > 2020 > December > DHS-CISA urges admins to patch OpenSSL DoS vulnerability
2020-12-09 12:25
U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately.
OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.
Another place where GENERAL NAME cmp function is being used in OpenSSL is when comparing the timestamp response token signer to the timestamp authority name.
Reported on November 9th, 2020, by David Benjamin of Google, this vulnerability impacts all versions of OpenSSL 1.0.2 and 1.1.1.
This is perhaps why CISA has issued a security advisory for CVE-2020-1971 prompting server admins to immediately upgrade their OpenSSL instances.
News URL
Related news
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |