Sophos Firewall XG false vulnerability scan on SSL VPN client
Applies to the following Sophos product(s) and version(s)
Sophos Firewall
A ssl vulnerability scan on the SSL VPN client may result in false detection's of the following vulnerabilities.
- CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet)
- CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker)
- CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension())
- CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character)
Development has stated that we are not vulnerable to this attacks and we have patched the client against these.
Article appears in the following topics
