CVE-2022-1343

OCSP_basic_verify may incorrectly verify the response signing certificate

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

La función "OCSP_basic_verify" verifica el certificado del firmante en una respuesta OCSP. En el caso de que sea usado el flag (no predeterminada) OCSP_NOCHECKS, la respuesta será positiva (lo que significa una verificación exitosa) incluso en el caso de que el certificado firmante de la respuesta no sea verificada. Es previsto que la mayoría de los usuarios de "OCSP_basic_verify" no usarán el indicador OCSP_NOCHECKS. En este caso, la función "OCSP_basic_verify" devolverá un valor negativo (indicando un error fatal) en caso de que falle la verificación del certificado. El valor de retorno normal esperado en este caso sería 0. Este problema también afecta a la aplicación de línea de comandos OpenSSL "ocsp". Cuando es verificada una respuesta ocsp con la opción "-no_cert_checks", la aplicación de línea de comandos informará de que la verificación se ha realizado con éxito aunque en realidad haya fallado. En este caso, la respuesta correcta incorrecta también irá acompañada de mensajes de error que muestran el fallo y contradicen el resultado aparentemente con éxito. Corregido en OpenSSL versión 3.0.3 (Afectado 3.0.0,3.0.1,3.0.2)

A flaw was found in OpenSSL's Online Certificate Status Protocol (OCSP) response functionality in the signer certificate verification routines. This flaw could result in a linked application falsely believing that an x.509 Digital Certificate is either "good" or "unknown" when revoked and requires that the application use a non-default configuration. This vulnerability leads to an issue with data integrity and confidentiality.

*Credits: Raul Metsma

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-13 CVE Reserved
2022-05-03 CVE Published
2023-11-24 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (6)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
https://security.netapp.com/advisory/ntap-20220602-0009	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.openssl.org/news/secadv/20220503.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-1343	2022-08-30
https://bugzilla.redhat.com/show_bug.cgi?id=2087911	2022-08-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	A250 Firmware Search vendor "Netapp" for product "A250 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	A250 Search vendor "Netapp" for product "A250"	-	-	Safe
Netapp Search vendor "Netapp"	A700s Firmware Search vendor "Netapp" for product "A700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	A700s Search vendor "Netapp" for product "A700s"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 500f Search vendor "Netapp" for product "Aff 500f"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 8300 Firmware Search vendor "Netapp" for product "Aff 8300 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 8300 Search vendor "Netapp" for product "Aff 8300"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 8700 Firmware Search vendor "Netapp" for product "Aff 8700 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 8700 Search vendor "Netapp" for product "Aff 8700"	-	-	Safe
Netapp Search vendor "Netapp"	Aff A400 Firmware Search vendor "Netapp" for product "Aff A400 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff A400 Search vendor "Netapp" for product "Aff A400"	-	-	Safe
Netapp Search vendor "Netapp"	Fabric-attached Storage A400 Firmware Search vendor "Netapp" for product "Fabric-attached Storage A400 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fabric-attached Storage A400 Search vendor "Netapp" for product "Fabric-attached Storage A400"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 500f Firmware Search vendor "Netapp" for product "Fas 500f Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 500f Search vendor "Netapp" for product "Fas 500f"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 8300 Firmware Search vendor "Netapp" for product "Fas 8300 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 8300 Search vendor "Netapp" for product "Fas 8300"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 8700 Firmware Search vendor "Netapp" for product "Fas 8700 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 8700 Search vendor "Netapp" for product "Fas 8700"	-	-	Safe
Netapp Search vendor "Netapp"	H300e Firmware Search vendor "Netapp" for product "H300e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300e Search vendor "Netapp" for product "H300e"	-	-	Safe
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Netapp Search vendor "Netapp"	H500e Firmware Search vendor "Netapp" for product "H500e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500e Search vendor "Netapp" for product "H500e"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700e Firmware Search vendor "Netapp" for product "H700e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700e Search vendor "Netapp" for product "H700e"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 3.0.0 < 3.0.3 Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 < 3.0.3"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vsphere		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Antivirus Connector Search vendor "Netapp" for product "Clustered Data Ontap Antivirus Connector"				-		-		Affected
Netapp Search vendor "Netapp"		Santricity Smi-s Provider Search vendor "Netapp" for product "Santricity Smi-s Provider"				-		-		Affected
Netapp Search vendor "Netapp"		Smi-s Provider Search vendor "Netapp" for product "Smi-s Provider"				-		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				-		hyper-v		Affected
Netapp Search vendor "Netapp"		Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node"				-		-		Affected