CVE-2022-1292
The c_rehash script allows command injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
El script c_rehash no sanea apropiadamente los meta caracteres del shell para evitar la inyección de comandos. Este script es distribuido por algunos sistemas operativos de manera que es ejecutado automáticamente. En dichos sistemas operativos, un atacante podría ejecutar comandos arbitrarios con los privilegios del script. El uso del script c_rehash es considerado obsoleto y debe ser sustituido por la herramienta de línea de comandos OpenSSL rehash. Corregido en OpenSSL versión 3.0.3 (Afectado 3.0.0,3.0.1,3.0.2). Corregido en OpenSSL versión 1.1.1o (Afectado 1.1.1-1.1.1n). Corregido en OpenSSL versión 1.0.2ze (Afectado 1.0.2-1.0.2zd)
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-11 CVE Reserved
- 2022-05-03 CVE Published
- 2022-05-24 First Exploit
- 2024-09-16 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (21)
URL | Date | SRC |
---|---|---|
https://github.com/alcaparra/CVE-2022-1292 | 2022-07-20 | |
https://github.com/li8u99/CVE-2022-1292 | 2022-05-24 | |
https://github.com/greek0x0/CVE-2022-1292 | 2022-09-01 | |
https://github.com/rama291041610/CVE-2022-1292 | 2022-05-30 | |
https://github.com/und3sc0n0c1d0/CVE-2022-1292 | 2022-12-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netapp Search vendor "Netapp" | A700s Firmware Search vendor "Netapp" for product "A700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A700s Search vendor "Netapp" for product "A700s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H300e Firmware Search vendor "Netapp" for product "H300e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300e Search vendor "Netapp" for product "H300e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H500e Firmware Search vendor "Netapp" for product "H500e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500e Search vendor "Netapp" for product "H500e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H700e Firmware Search vendor "Netapp" for product "H700e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700e Search vendor "Netapp" for product "H700e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Aff 8300 Firmware Search vendor "Netapp" for product "Aff 8300 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 8300 Search vendor "Netapp" for product "Aff 8300" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Fas 8300 Firmware Search vendor "Netapp" for product "Fas 8300 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas 8300 Search vendor "Netapp" for product "Fas 8300" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Aff 8700 Firmware Search vendor "Netapp" for product "Aff 8700 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 8700 Search vendor "Netapp" for product "Aff 8700" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Fas 8700 Firmware Search vendor "Netapp" for product "Fas 8700 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas 8700 Search vendor "Netapp" for product "Fas 8700" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Aff A400 Firmware Search vendor "Netapp" for product "Aff A400 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff A400 Search vendor "Netapp" for product "Aff A400" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Fabric-attached Storage A400 Firmware Search vendor "Netapp" for product "Fabric-attached Storage A400 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fabric-attached Storage A400 Search vendor "Netapp" for product "Fabric-attached Storage A400" | - | - |
Safe
|
Netapp Search vendor "Netapp" | A250 Firmware Search vendor "Netapp" for product "A250 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A250 Search vendor "Netapp" for product "A250" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 500f Search vendor "Netapp" for product "Aff 500f" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Fas 500f Firmware Search vendor "Netapp" for product "Fas 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas 500f Search vendor "Netapp" for product "Fas 500f" | - | - |
Safe
|
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.0.2 < 1.0.2ze Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2ze" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.1.1 < 1.1.1o Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 < 1.1.1o" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 3.0.0 < 3.0.3 Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 < 3.0.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | windows |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Antivirus Connector Search vendor "Netapp" for product "Clustered Data Ontap Antivirus Connector" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Santricity Smi-s Provider Search vendor "Netapp" for product "Santricity Smi-s Provider" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Smi-s Provider Search vendor "Netapp" for product "Smi-s Provider" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Snapmanager Search vendor "Netapp" for product "Snapmanager" | - | hyper-v |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node" | - | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | >= 5.0.0 <= 5.7.38 Search vendor "Oracle" for product "Mysql Server" and version " >= 5.0.0 <= 5.7.38" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | >= 8.0.0 <= 8.0.29 Search vendor "Oracle" for product "Mysql Server" and version " >= 8.0.0 <= 8.0.29" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Workbench Search vendor "Oracle" for product "Mysql Workbench" | <= 8.0.29 Search vendor "Oracle" for product "Mysql Workbench" and version " <= 8.0.29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
|