Security advisory SA-2023-021 - OpenSSL BN_mod_sqrt (CVE-2022-0778) is now available.
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
Impact Details
OS/Product |
Exposure |
Extreme AirDefense |
Yes |
Extreme Campus Controller (ExtremeCloud Appliance) |
No |
ExtremeCloud IQ |
No |
ExtremeGuest (Essentials) |
No |
ExtremeGuest (On-Premises) |
Yes |
ExtremeLocation |
No |
HiveManager Classic On-Premises |
Yes |
HiveManager Classic Online |
Yes |
IQVA |
Yes |
VGVA |
Yes |
200-series |
Yes |
BOSS |
No |
EOS (S/K/7100) |
Investigating |
ISW |
Yes |
Extreme Fabric Automation (EFA) |
No |
Extreme Visibility Manager (XVM) |
Yes |
Repair Recommendations
Extreme AirDefense:
- Fixed in 10.5.0-05b3 and later.
ExtremeGuest (On-Premises):
- Will not fix.
200-series:
- TBD (check full article linked below for updates)
ISW:
- TBD (check full article linked below for updates)
Extreme Visibility Manager (XVM):
- Upgrade to XCO 3.1.
Please see the full security advisory article here for more details.