Secure Mobile Access 100 10.2 Administration Guide

OpenSSL Version Upgrade

In SMA 100 firmware version 10.2.1.7, the OpenSSL library is upgraded to version 1.1.1t to fix the vulnerability reported in CVE-2022-4304. The vulnerability affects SMA 100 firmware version 10.2.1.6 and lower versions. Details of the vulnerability are given below.

A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker sends a large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP, and RSASVE.

To fix the above vulnerability, upgrade the SMA 100 firmware to version 10.2.1.7 or higher as soon as possible.
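To apply the version thresholds above across an appliance inventory, the following added example (not SonicWall code) flags firmware below 10.2.1.7 and OpenSSL 1.1.1 letter releases below 1.1.1t. The hostnames, the build-suffix format of the firmware strings, and the sample inventory are assumptions constructed for illustration.

```python
import re

FIXED_FIRMWARE = (10, 2, 1, 7)  # from the guide: first fixed SMA 100 release
FIXED_OPENSSL = "1.1.1t"        # from the guide: OpenSSL version in that release

def parse_firmware(version):
    """Return the four numeric fields; a trailing build suffix is ignored (assumed format)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\D.*)?$", version)
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(g) for g in m.groups())

def firmware_needs_upgrade(version):
    """True for 10.2.1.6 and lower, per the guide."""
    return parse_firmware(version) < FIXED_FIRMWARE

def openssl_111_key(version):
    """Sort key for 1.1.1 letter releases: '' < 'a' < ... < 'z' < 'za' < ..."""
    m = re.match(r"^1\.1\.1([a-z]*)$", version.strip())
    if not m:
        raise ValueError(f"not an OpenSSL 1.1.1 release: {version!r}")
    letters = m.group(1)
    # Comparing length first makes 'za' sort after 'z' and numeric-free '1.1.1' sort first.
    return (len(letters), letters)

def openssl_needs_upgrade(version):
    return openssl_111_key(version) < openssl_111_key(FIXED_OPENSSL)

def triage(inventory):
    """Map each host to 'upgrade', 'ok', or 'unknown' (unparseable version string)."""
    result = {}
    for host, firmware in inventory.items():
        try:
            result[host] = "upgrade" if firmware_needs_upgrade(firmware) else "ok"
        except ValueError:
            result[host] = "unknown"  # review by hand rather than assume it is patched
    return result

# Constructed sample inventory (hypothetical hosts and build suffixes).
SAMPLE_INVENTORY = {
    "sma-edge-01": "10.2.1.6-37sv",
    "sma-edge-02": "10.2.1.7-50sv",
    "sma-lab-01": "10.2.0.9-41sv",
    "sma-dr-01": "10.2.1.10",
    "sma-old-01": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:16} {status}")
```

The comparison is numeric per field, so 10.2.1.10 is correctly treated as newer than 10.2.1.7, which a plain string comparison would get wrong.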
