Security advisory SA-2023-021 - OpenSSL BN_mod_sqrt (CVE-2022-0778) is now available.
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
Impact Details
| OS/Product | Exposure |
| --- | --- |
| Extreme AirDefense | Yes |
| Extreme Campus Controller (ExtremeCloud Appliance) | No |
| ExtremeCloud IQ | No |
| ExtremeGuest (Essentials) | No |
| ExtremeGuest (On-Premises) | Yes |
| ExtremeLocation | No |
| HiveManager Classic On-Premises | Yes |
| HiveManager Classic Online | Yes |
| IQVA | Yes |
| VGVA | Yes |
| 200-series | Yes |
| BOSS | No |
| EOS (S/K/7100) | Investigating |
| ISW | Yes |
| Extreme Fabric Automation (EFA) | No |
| Extreme Visibility Manager (XVM) | Yes |
Repair Recommendations
Extreme AirDefense:
- Fixed in 10.5.0-05b3 and later.
ExtremeGuest (On-Premises):
- Will not fix.
200-series:
- TBD (check full article linked below for updates)
ISW:
- TBD (check full article linked below for updates)
Extreme Visibility Manager (XVM):
- Upgrade to XCO 3.1.
Please see the full security advisory article here for more details.