| | OpenSSL 3.0.x Vulnerabilities: CVE-2022-3602 & CVE-2022-3786 |
| Content | Priority: ● High Status: In Progress- Undergoing Analysis First Published: 2 November 2022 Advisory Version: 1.2 References: CVE-2022-3602, CVE-2022-3786 Summary The OpenSSL project group recently released OpenSSL 3.0.7, which patches two serious vulnerabilities affecting versions 3.0.[0-6]: CVE-2022-3786 ("X.509 Email Address Variable Length Buffer Overflow")
CVE-2022-3602 ("X.509 Email Address 4-byte Buffer Overflow") If successfully exploited, these vulnerabilities could allow an attacker to trigger a crash (denial of service), or allow remote code execution. Affected Products Vulnerable Products Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below. NOTE: If cited, product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect. | Product | Notes / Fixed Release Version | | This section will be updated with any products confirmed to be vulnerable. | | Products Confirmed Not Vulnerable * As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk. | Product | Notes / Fixed Release Version | | Hitachi Virtual Storage Platform VSP E990, VSP E790, VSP E590 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Virtual Storage Platform VSP G130, F/G350, VSP F/G370, VSP F/G700, VSP F/G900 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Virtual Storage Platform VSP G200, VSP F/G/N400, VSP F/G/N600, VSP F/G/N800 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Virtual Storage Platform VSP 5100, VSP 5100H, VSP 5500, VSP 5500H
(VSP 5x00) RAID 900 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Virtual Storage Platform VSP 5200, VSP 5200H, VSP 5600, VSP 5600H
(VSP 5x00) RAID 900 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Virtual Storage Platform G1000, F/G1500
(VSP F/G1x00) RAID 800 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Virtual Storage Platform (VSP) RAID 700 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Unified Storage VM (HUS VM) HM700 | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Adaptable Modular Storage DF800S, DF800M, DF800H (AMS 2x00) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Unified Storage DF850XS, DF850S, DF850MH (HUS 1x0) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Content Platform | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Data Ingestor (HDI/HFSM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Content Intelligence | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Content Platform Gateway | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Content Platform S Series | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Content Platform Anywhere | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Content Software for File (HCSF) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Ops Center Protector (HDID) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | HCP for Cloud Scale | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Network Attached Storage | | | HNAS 5000 Series | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | HNAS 4000 Series | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | VSP G/F.N NAS Modules | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | SMU | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Software Products | | | Hitachi Remote Ops (HRO) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Remote Access Control Center (RACC) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Ops Center
Analyzer
- vssb Agent
- Detail View Server
- Probe Server | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(OpenSSL is not used.) | Hitachi Ops Center Analyzer
Analyzer
- Common Services
- Server
- View Point
- Probe Server(RAID Agent
- Automator
- Configuration Manager
- Administrator | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Device Manager (HDvM)
Server | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Hitachi Device Manager (HDvM)
Agent | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(OpenSSL is not used.) | | Hitachi Replication Manager (HRpM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(OpenSSL is not used.) | | Hitachi Global Link Manager (HGLM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(OpenSSL is not used.) | | Hitachi Dynamic Link Manager (HDLM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(OpenSSL is not used.) | | Hitachi Tiered Storage Manager (HTSM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Tuning Manager (HTnM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | | Hitachi Compute Systems Manager (HCSM) | CVE-2022-3602: Not affected
CVE-2022-3786: Not affected
(Affected OpenSSL versions are not used.) | Recommended Actions Please continue to check this Security Advisory, as new information will be added to it as it becomes available. If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider. The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties. |
| CXone Metadata | CVE,pagetype:knowledgearticle,article:cve |
|