Overview
You have an Exinda running firmware version 4.7.13 and want to know whether it is affected by the following two OpenSSL vulnerabilities reported in the OpenSSL Security Advisory [25 March 2021]:
CVE-2021-3449 NULL pointer deref in signature_algorithms processing
CVE-2021-3450 CA Certificate Check Bypass
Information
Exinda v7.4.13 uses OpenSSL 1.0.1e, so neither of the reported vulnerabilities affects EXOS v7.4.13.
- CVE-2021-3449 affects all OpenSSL 1.1.1 versions.
- CVE-2021-3450 affects OpenSSL versions 1.1.1h and newer.
Note also that in the latest Exinda firmware version, 7.5.0, OpenSSL has been updated to 1.1.1d, so CVE-2021-3449 could impact EXOS v7.5.0.
For reference, here is the relevant information captured from the OpenSSL Security Advisory:
CVE-2021-3449 NULL pointer deref in signature_algorithms processing
CVE-2021-3450 CA Certificate Check Bypass
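The version reasoning above can be scripted for an inventory check. This is an added example, not code from Exinda or the original article: the firmware-to-OpenSSL mapping and the lower bounds come from this page, the fixed release 1.1.1k comes from the upstream OpenSSL advisory, and the function names and sample banner string are constructed for illustration.

```python
import re

# OpenSSL build per EXOS firmware, as stated on this page.
FIRMWARE_OPENSSL = {"7.4.13": "1.0.1e", "7.5.0": "1.1.1d"}

# (first affected, first fixed). Lower bounds are from this page; the fixed
# release 1.1.1k is from the upstream advisory (assumption of this example).
AFFECTED = {
    "CVE-2021-3449": ("1.1.1", "1.1.1k"),   # all 1.1.1 versions before the fix
    "CVE-2021-3450": ("1.1.1h", "1.1.1k"),  # 1.1.1h and newer, before the fix
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn '1.1.1d' or an `openssl version` banner into a sortable tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter = m.groups()
    # Letter releases sort after the bare release: 1.1.1 < 1.1.1a < 1.1.1k.
    # Length goes first so a two-letter suffix sorts after any single letter.
    return (int(major), int(minor), int(patch), len(letter), letter)


def affected_cves(version_text):
    """Return the advisory CVEs whose affected range contains this version."""
    v = parse_version(version_text)
    return [
        cve
        for cve, (first_bad, first_fixed) in AFFECTED.items()
        if parse_version(first_bad) <= v < parse_version(first_fixed)
    ]


def firmware_exposure(firmware):
    """Look up the bundled OpenSSL for a firmware release and classify it."""
    return affected_cves(FIRMWARE_OPENSSL[firmware])


if __name__ == "__main__":
    for fw, ssl in FIRMWARE_OPENSSL.items():
        print(f"EXOS {fw} (OpenSSL {ssl}): {firmware_exposure(fw) or 'not affected'}")
    # Constructed sample banner, in the format `openssl version` prints.
    print(affected_cves("OpenSSL 1.0.1e-fips 11 Feb 2013"))
```

A version match only identifies the library release; a vendor may backport a fix without changing the version string, so confirm the result against the vendor's release notes.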
Priyanka Bhotika