CVE-2022-2068
Published on: Not Yet Published
Last Modified on: 03/01/2023 04:23:00 PM UTC
Certain versions of Sannav from Broadcom contain the following vulnerability:
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
- CVE-2022-2068 has been assigned by [email protected] to track the vulnerability; it is currently rated as CRITICAL severity.
- Affected Vendor/Software:
  - OpenSSL - OpenSSL version Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3)
  - OpenSSL - OpenSSL version Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)
  - OpenSSL - OpenSSL version Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)
CVSS3 Score: 9.8 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Source | Tags |
---|---|---|
Debian -- Security Information -- DSA-5169-1 openssl | www.debian.org | text/html, deprecated link |
Git - openssl.git/commitdiff | git.openssl.org | text/xml, inactive link, not archived |
[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | text/html |
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | text/html |
(no title recorded) | www.openssl.org | text/plain |
(no title recorded) | cert-portal.siemens.com | application/pdf |
Git - openssl.git/commitdiff | git.openssl.org | text/xml |
CVE-2022-2068 OpenSSL Vulnerability in NetApp Products - NetApp Product Security | security.netapp.com | text/html |
Git - openssl.git/commitdiff | git.openssl.org | text/xml |
Related QID Numbers
- 160014 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-5818)
- 160025 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9683)
- 160072 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-6224)
- 179493 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5169-1)
- 198839 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5488-1)
- 240588 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:5818)
- 240641 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:6224)
- 240996 Red Hat Update for JBoss Core Services (RHSA-2022:8840)
- 282896 Fedora Security Update for openssl1.1 (FEDORA-2022-3b7d0abd0b)
- 282968 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-41890e9e44)
- 296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
- 296085 Oracle Solaris 11.3 Support Repository Update (SRU) 36.30.0 Missing (CPUOCT2022)
- 330109 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Arbitrary Code Execution Vulnerability (openssl_advisory36)
- 354035 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1626
- 354040 Amazon Linux Security Advisory for Open Secure Sockets Layer11 (OpenSSL11) : ALAS2-2022-1832
- 354042 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2022-1831
- 354371 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-123
- 354459 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-195
- 354579 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-195
- 354639 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2022-371
- 355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
- 377563 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0148)
- 377937 Splunk Enterprise Multiple Vulnerabilities (svd-2022-0804)
- 38895 Open Secure Sockets Layer (OpenSSL) Command Injection Vulnerability
- 591193 Mitsubishi Electric GT SoftGOT2000 OS COMMAND INJECTION Vulnerability (ICSA-22-319-01, 2022-012)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 672020 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2228)
- 672054 EulerOS Security Update for compat-openssl (EulerOS-SA-2022-2215)
- 672094 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2300)
- 672096 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2329)
- 672153 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2446)
- 672162 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2419)
- 672172 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2432)
- 672251 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2629)
- 672447 EulerOS Security Update for linux-sgx (EulerOS-SA-2022-2852)
- 690881 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (4eeb93bf-f204-11ec-8fbd-d4c9ef517024)
- 730739 IBM Aspera Faspex Multiple Security Vulnerabilities (6952319)
- 752266 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2181-1)
- 752269 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2180-1)
- 752272 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2179-1)
- 752273 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2182-1)
- 752280 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2022:2197-1)
- 752283 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2251-1)
- 752298 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2308-1)
- 752301 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2309-1)
- 752308 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2022:2306-1)
- 752323 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2022:2321-1)
- 902361 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971)
- 902363 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9967)
- 902389 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9967-1)
- 902477 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971-1)
- 940611 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:5818)
- 940649 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:6224)
- 960214 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:5818)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Broadcom | Sannav | - | All | All | All |
Operating System | Debian | Debian Linux | 10.0 | All | All | All |
Operating System | Debian | Debian Linux | 11.0 | All | All | All |
Operating System | Fedoraproject | Fedora | 35 | All | All | All |
Operating System | Fedoraproject | Fedora | 36 | All | All | All |
Hardware | Netapp | Aff 8300 | - | All | All | All |
Operating System | Netapp | Aff 8300 Firmware | - | All | All | All |
Hardware | Netapp | Aff 8700 | - | All | All | All |
Operating System | Netapp | Aff 8700 Firmware | - | All | All | All |
Hardware | Netapp | Aff A400 | - | All | All | All |
Operating System | Netapp | Aff A400 Firmware | - | All | All | All |
Operating System | Netapp | Bootstrap Os | - | All | All | All |
Application | Netapp | Element Software | - | All | All | All |
Hardware | Netapp | Fas 8300 | - | All | All | All |
Operating System | Netapp | Fas 8300 Firmware | - | All | All | All |
Hardware | Netapp | Fas 8700 | - | All | All | All |
Operating System | Netapp | Fas 8700 Firmware | - | All | All | All |
Hardware | Netapp | Fas A400 | - | All | All | All |
Operating System | Netapp | Fas A400 Firmware | - | All | All | All |
Hardware | Netapp | H300s | - | All | All | All |
Operating System | Netapp | H300s Firmware | - | All | All | All |
Hardware | Netapp | H410c | - | All | All | All |
Operating System | Netapp | H410c Firmware | - | All | All | All |
Hardware | Netapp | H410s | - | All | All | All |
Operating System | Netapp | H410s Firmware | - | All | All | All |
Hardware | Netapp | H500s | - | All | All | All |
Operating System | Netapp | H500s Firmware | - | All | All | All |
Hardware | Netapp | H610c | - | All | All | All |
Operating System | Netapp | H610c Firmware | - | All | All | All |
Hardware | Netapp | H610s | - | All | All | All |
Operating System | Netapp | H610s Firmware | - | All | All | All |
Hardware | Netapp | H615c | - | All | All | All |
Operating System | Netapp | H615c Firmware | - | All | All | All |
Hardware | Netapp | H700s | - | All | All | All |
Operating System | Netapp | H700s Firmware | - | All | All | All |
Hardware | Netapp | Hci Compute Node | - | All | All | All |
Application | Netapp | Hci Management Node | - | All | All | All |
Application | Netapp | Ontap Antivirus Connector | - | All | All | All |
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
Application | Netapp | Santricity Smi-s Provider | - | All | All | All |
Application | Netapp | Smi-s Provider | - | All | All | All |
Application | Netapp | Snapmanager | - | All | All | All |
Application | Netapp | Solidfire | - | All | All | All |
Application | Openssl | Openssl | All | All | All | All |
Application | Siemens | Sinec Ins | All | All | All | All |
Application | Siemens | Sinec Ins | 1.0 | - | All | All |
Application | Siemens | Sinec Ins | 1.0 | sp1 | All | All |
Application | Siemens | Sinec Ins | 1.0 | sp2 | All | All |
- cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
Discovery Credit
Chancen (Qingteng 73lab)
Social Mentions
Title | Posted (UTC) |
---|---|
CVE-2022-2068 is another r_rehash script issue openssl.org/news/secadv/20… | 2022-06-21 14:27:51 |
OpenSSL Security Advisory [21 June 2022] The c_rehash script allows command injection (CVE-2022-2068) Severity: M… twitter.com/i/web/status/1… | 2022-06-21 14:39:49 |
CVE-2022-2068 : In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstan… twitter.com/i/web/status/1… | 2022-06-21 14:48:40 |
Potentially Critical CVE Detected! CVE-2022-2068 In addition to the c_rehash shell command injection identified in… twitter.com/i/web/status/1… | 2022-06-21 15:56:01 |
CVE-2022-2068 | 2022-06-21 16:38:39 |
March 21, 2023 GCP release notes | 2023-03-22 01:00:07 |
March 24, 2023 GCP release notes | 2023-03-25 01:00:08 |
DSM Version: 7.2-64561 | 2023-05-22 03:16:44 |