GoToAssist Agent Vulnerabilities
Our Microsoft Defender Endpoint reported vulnerabilities in Openssl for the following GoToAssist agent files. I asked GoToAssist support but they don't have an estimated time frame of resolution. Should we find other remote tool?
c:\program files\goto\gotoassist agent desktop console\libssl-3-x64.dll
c:\program files\goto\gotoassist agent desktop console\libcrypto-3-x64.dll
Associated CVEs (Severity): CVE-2023-2650 (High), CVE-2023-4807 (High), CVE-2023-0464 (Medium), CVE-2023-6129 (Medium), CVE-2023-2975 (Medium), CVE-2023-5363 (Medium).
Hi CRBigBusTours, welcome to the community.
Yes, GoToAssist Remote Support v4.8.0.1712 that was released in October 2024 included an update to OpenSSL v3.0.14 The latest release of GoToAssist Remote Support v4 is v4.8.0.1716 which was released in December 2024