Vulnerability Details CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.544
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://security.netapp.com/advisory/ntap-20220707-0008/
- https://www.debian.org/security/2022/dsa-5169
- https://www.openssl.org/news/secadv/20220621.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://security.netapp.com/advisory/ntap-20220707-0008/
- https://www.debian.org/security/2022/dsa-5169
- https://www.openssl.org/news/secadv/20220621.txt
Products affected by CVE-2022-2068
-
cpe:2.3:a:broadcom:sannav:-
-
cpe:2.3:a:netapp:element_software:-
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:ontap_antivirus_connector:-
-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
-
cpe:2.3:a:netapp:santricity_smi-s_provider:-
-
cpe:2.3:a:netapp:smi-s_provider:-
-
cpe:2.3:a:netapp:snapmanager:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:openssl:openssl:1.0.2
-
cpe:2.3:a:openssl:openssl:1.0.2a
-
cpe:2.3:a:openssl:openssl:1.0.2b
-
cpe:2.3:a:openssl:openssl:1.0.2c
-
cpe:2.3:a:openssl:openssl:1.0.2d
-
cpe:2.3:a:openssl:openssl:1.0.2e
-
cpe:2.3:a:openssl:openssl:1.0.2f
-
cpe:2.3:a:openssl:openssl:1.0.2g
-
cpe:2.3:a:openssl:openssl:1.0.2h
-
cpe:2.3:a:openssl:openssl:1.0.2i
-
cpe:2.3:a:openssl:openssl:1.0.2j
-
cpe:2.3:a:openssl:openssl:1.0.2k
-
cpe:2.3:a:openssl:openssl:1.0.2l
-
cpe:2.3:a:openssl:openssl:1.0.2m
-
cpe:2.3:a:openssl:openssl:1.0.2n
-
cpe:2.3:a:openssl:openssl:1.0.2o
-
cpe:2.3:a:openssl:openssl:1.0.2p
-
cpe:2.3:a:openssl:openssl:1.0.2q
-
cpe:2.3:a:openssl:openssl:1.0.2r
-
cpe:2.3:a:openssl:openssl:1.0.2s
-
cpe:2.3:a:openssl:openssl:1.0.2t
-
cpe:2.3:a:openssl:openssl:1.0.2u
-
cpe:2.3:a:openssl:openssl:1.0.2v
-
cpe:2.3:a:openssl:openssl:1.0.2w
-
cpe:2.3:a:openssl:openssl:1.0.2x
-
cpe:2.3:a:openssl:openssl:1.0.2y
-
cpe:2.3:a:openssl:openssl:1.0.2za
-
cpe:2.3:a:openssl:openssl:1.0.2zb
-
cpe:2.3:a:openssl:openssl:1.0.2zc
-
cpe:2.3:a:openssl:openssl:1.0.2zd
-
cpe:2.3:a:openssl:openssl:1.0.2ze
-
cpe:2.3:a:openssl:openssl:1.1.1
-
cpe:2.3:a:openssl:openssl:1.1.1a
-
cpe:2.3:a:openssl:openssl:1.1.1b
-
cpe:2.3:a:openssl:openssl:1.1.1c
-
cpe:2.3:a:openssl:openssl:1.1.1d
-
cpe:2.3:a:openssl:openssl:1.1.1e
-
cpe:2.3:a:openssl:openssl:1.1.1f
-
cpe:2.3:a:openssl:openssl:1.1.1g
-
cpe:2.3:a:openssl:openssl:1.1.1h
-
cpe:2.3:a:openssl:openssl:1.1.1i
-
cpe:2.3:a:openssl:openssl:1.1.1j
-
cpe:2.3:a:openssl:openssl:1.1.1k
-
cpe:2.3:a:openssl:openssl:1.1.1l
-
cpe:2.3:a:openssl:openssl:1.1.1m
-
cpe:2.3:a:openssl:openssl:1.1.1n
-
cpe:2.3:a:openssl:openssl:1.1.1o
-
cpe:2.3:a:openssl:openssl:3.0.0
-
cpe:2.3:a:openssl:openssl:3.0.1
-
cpe:2.3:a:openssl:openssl:3.0.2
-
cpe:2.3:a:openssl:openssl:3.0.3
-
cpe:2.3:a:siemens:sinec_ins:-
-
cpe:2.3:a:siemens:sinec_ins:1.0
-
cpe:2.3:h:netapp:aff_8300:-
-
cpe:2.3:h:netapp:aff_8700:-
-
cpe:2.3:h:netapp:aff_a400:-
-
cpe:2.3:h:netapp:fas_8300:-
-
cpe:2.3:h:netapp:fas_8700:-
-
cpe:2.3:h:netapp:fas_a400:-
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h610c:-
-
cpe:2.3:h:netapp:h610s:-
-
cpe:2.3:h:netapp:h615c:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:h:netapp:hci_compute_node:-
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:netapp:aff_8300_firmware:-
-
cpe:2.3:o:netapp:aff_8700_firmware:-
-
cpe:2.3:o:netapp:aff_a400_firmware:-
-
cpe:2.3:o:netapp:bootstrap_os:-
-
cpe:2.3:o:netapp:fas_8300_firmware:-
-
cpe:2.3:o:netapp:fas_8700_firmware:-
-
cpe:2.3:o:netapp:fas_a400_firmware:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h610c_firmware:-
-
cpe:2.3:o:netapp:h610s_firmware:-
-
cpe:2.3:o:netapp:h615c_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-