new • Last updated
Update to the OpenSSL library in the NDD Print Agent module
Identified Vulnerability
Vulnerabilities have been identified that affect older versions of OpenSSL, a widely used library for implementing security and encryption protocols in HTTPS and TLS communications. The failures refer to specific conditions that allow a malicious agent to exploit unexpected behavior during the processing of certificates or encrypted connections.
Cause of Vulnerability
The vulnerabilities originated from known failures in the OpenSSL package in versions prior to the latest, which left the system susceptible to incorrect behavior in certain TLS/SSL handshake operations.
Impact and Associated Risk
The impact is classified as low, since exploitation depends on specific and unlikely conditions. There is no evidence of active exploitation or exposure of sensitive data. Possible consequences include instability in secure connections and potential compromise of the integrity of encrypted sessions in very specific scenarios.
Corrective Actions Taken
The OpenSSL package has been updated to the latest version in versions 5.29.5 or higher in the NDD Print Agent module. This way, the official fixes made available by the OpenSSL project community will be included.
Actions Required by the End User
Update the NDD Print Agent module to version 5.29.5 or higher.
Registered CVE Identifiers
-
CVE-2024-13176
-
CVE-2024-91437
Conclusion
The vulnerability was identified in the OpenSSL library, not in the NDD Print Agent module.
As part of our ongoing commitment to system safety and integrity, we have performed an update to the affected library version, ensuring that the identified failure has been corrected.