Initial Publication Date: 23 Feb 2017
Advisory Status: Closed
Advisory Severity: Medium
CVSS Base Score: CVSS v2: 5.0
Legacy ID: SA143
Symantec Network Protection products using affected versions of OpenSSL are susceptible to a denial of service vulnerability. A remote attacker can exploit this vulnerability to cause denial of service through application crashes.
No Symantec Network Protection products are vulnerable to CVE-2017-3733.
Additional Product Information
Symantec Network Protection products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to CVE-2017-3733. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Symantec urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.
The following products are not vulnerable:
Advanced Secure Gateway
Android Mobile Agent
Symantec HSM Agent for the Luna SP
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter Data Collector
Mail Threat Defense
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
ProxyAV ConLog and ConLogXP
Symantec no longer provides vulnerability information for the following products:
Please contact Digital Guardian technical support regarding vulnerability information for DLP.
A flaw in the SSL/TLS client and server implementation allows a remote attacker to renegotiate an established SSL session with a different cipher suite and an added or removed Encrypt-Then-MAC TLS extension, causing an application crash and resulting in denial of service.