CVE-2022-2068

Published Jun 21, 2022

Last updated 8 months ago

CVSS high 7.3

Overview

Description: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Source: openssl-security@openssl.org
NVD status: Analyzed
Products: openssl, debian_linux, fedora, sinec_ins, element_software, hci_management_node, ontap_antivirus_connector, ontap_select_deploy_administration_utility, santricity_smi-s_provider, smi-s_provider, snapmanager, solidfire, bootstrap_os, h615c_firmware, h610s_firmware, h610c_firmware, h410c_firmware, h300s_firmware, h500s_firmware, h700s_firmware, h410s_firmware, fas_8300_firmware, fas_8700_firmware, fas_a400_firmware, aff_8300_firmware, aff_8700_firmware, aff_a400_firmware, sannav

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.9
Exploitability score: 1.3
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C9B6EB2C-EF9B-44AF-B083-BF59B8107801",
            "versionEndExcluding": "1.0.2zf",
            "versionStartIncluding": "1.0.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5EAA5CAF-1DE6-4730-9E07-9E6594A5D6BF",
            "versionEndExcluding": "1.1.1p",
            "versionStartIncluding": "1.1.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4188DBDA-354F-4939-904D-0A9F8A8AB703",
            "versionEndExcluding": "3.0.4",
            "versionStartIncluding": "3.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
            "versionEndExcluding": "1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "759D1A24-B23B-404E-AD39-F18D7DBAD501",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*",
            "matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D5CDADAB-72A5-4526-8432-E6C9AC56B29F",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E64576DE-90F0-4F5E-9C82-AB745CFEDBB7",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "EF5AFE69-7990-4F80-9E63-D8AD58AA3A2D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CAA3A789-79F7-4DC8-9722-3958A3162EB4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "18C138F0-706F-44A8-880E-133F66DE164A",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA79D39A-A5F2-4C44-A805-5113065F8C25",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "70ECC434-DF20-49A6-B4CF-D5CCA480E57D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "232DC609-8023-41F9-8CE3-1B31CE2F2D93",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References