The GoTo Community is currently experiencing some technical issues affecting new posts and comments. We are actively working with our service provider and apologize for the frustration.
Forum Discussion
Solved
GoToAssist Agent Vulnerabilities
Our Microsoft Defender Endpoint reported vulnerabilities in Openssl for the following GoToAssist agent files. I asked GoToAssist support but they don't have an estimated time frame of resolution. Should we find other remote tool?
c:\program files\goto\gotoassist agent desktop console\libssl-3-x64.dll
c:\program files\goto\gotoassist agent desktop console\libcrypto-3-x64.dll
Associated CVEs (Severity): CVE-2023-2650 (High), CVE-2023-4807 (High), CVE-2023-0464 (Medium), CVE-2023-6129 (Medium), CVE-2023-2975 (Medium), CVE-2023-5363 (Medium).
Hi CRBigBusTours, welcome to the community.
Yes, GoToAssist Remote Support v4.8.0.1712 that was released in October 2024 included an update to OpenSSL v3.0.14 The latest release of GoToAssist Remote Support v4 is v4.8.0.1716 which was released in December 2024
14 Replies
Hi CRBigBusTours, welcome to the community.
Yes, GoToAssist Remote Support v4.8.0.1712 that was released in October 2024 included an update to OpenSSL v3.0.14 The latest release of GoToAssist Remote Support v4 is v4.8.0.1716 which was released in December 2024
Hi GlennD,
We're trying to tackle a ton of OpenSSL vulnerabilities and GTA is one of our biggest hitters. Do you know if this has been patched to v3.0.14?
Thanks
Great - thank you Glenn!
Hi DaveK153, welcome to the community.
The current status is GTA v5 is using v3.0.13 of OpenSSL and our team will be updating to v3.0.14 as soon as possible after it is released. It appears OpenSSL sees this as a low severity https://www.openssl.org/news/secadv/20240408.txt
Has this issue been resolved yet in terms of release of new client with updated OpenSSL?? We are getting OpenSSL vulnerabilities scores in MS Defender and they all seem to be related to the unassisted client.
Thank you for the good news. I will wait it.
Hi IBUS, welcome to the community.
I can confirm that we have an update to GoToAssist Remote Support v5 coming that will update the version of OpenSSL being used (final release date still to be confirmed).
With GoToAssist Remote Support v4 I am waiting for some final details, but my understanding is that because we accepts TLS v1-2 on the server side this is not a concern.
There is no LogMeIn folder under my AppData\Local\Programs
Interesting. I wonder why the difference in installation and file location between Win 10 (Pro in my case) vs. your Win 11??? Do you have anything under: AppData\Local\Programs\LogMeIn\GoToAssist Agent Desktop Console
I downloaded 64-bit version (G2AAgentDesktopConsole-x64.msi) and installed, then files are extracted under C:\Program Files\GoTo\GoToAssist Agent Desktop Console. Our OS is Win11.
