CVE-2022-26305

Execution of Untrusted Macros Due to Improper Certificate Validation

Severity Score: 7.5 (CVSS v3.1)
Exploit Likelihood: - (EPSS)
Affected Versions: see "Affected Vendors, Products, and Versions" below (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate, which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in macros that were improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

An Improper Certificate Validation vulnerability was found in LibreOffice, where determining if a trusted author signed a macro was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. This flaw allows an adversary to create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user executing arbitrary code contained in the improperly trusted macros.

*Credits: OpenSource Security GmbH on behalf of the German Federal Office for Information Security
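The flaw described above is a trust decision made on certificate metadata an attacker controls. The following is an added example (not LibreOffice code) that reproduces the two checks side by side in Go using only the standard library: a "trusted" self-signed certificate is generated, an attacker generates a second certificate with the same subject/issuer name and serial number but a different key, and signs a constructed sample macro with it. The legacy check (issuer string + serial number) accepts the forged signer; the fixed check requires the presented certificate to be byte-identical to a trusted one and verifies the signature under that trusted key, so it rejects the forgery while still accepting a genuinely signed macro. All names, the serial number and the macro body are assumptions made up for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSignedCert builds a self-signed ECDSA P-256 certificate. Name and serial
// are caller-controlled on purpose: an attacker minting their own certificate can
// copy whatever values the trusted signer uses.
func newSelfSignedCert(name pkix.Name, serial *big.Int) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      name, // self-signed, so CreateCertificate copies this into Issuer
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// signMacro returns an ECDSA signature over SHA-256(macro).
func signMacro(macro []byte, key *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(macro)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// isTrustedLegacy mirrors the flawed decision from the CVE: the signer is trusted
// if issuer string and serial number match a trusted certificate. Nothing here
// ties the macro signature to the trusted certificate's key.
func isTrustedLegacy(signer *x509.Certificate, trusted []*x509.Certificate) bool {
	for _, t := range trusted {
		if t.Issuer.String() == signer.Issuer.String() && t.SerialNumber.Cmp(signer.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

// isTrustedFixed requires the presented certificate to be byte-identical to a
// trusted certificate AND the signature to verify under that trusted public key.
func isTrustedFixed(macro, sig []byte, signer *x509.Certificate, trusted []*x509.Certificate) bool {
	for _, t := range trusted {
		if !bytes.Equal(t.Raw, signer.Raw) {
			continue
		}
		pub, ok := t.PublicKey.(*ecdsa.PublicKey)
		if !ok {
			return false
		}
		digest := sha256.Sum256(macro)
		return ecdsa.VerifyASN1(pub, digest[:], sig)
	}
	return false
}

// Demo stages the attack and returns
// (legacyAcceptsAttacker, fixedAcceptsAttacker, fixedAcceptsGenuine).
func Demo() (bool, bool, bool, error) {
	name := pkix.Name{CommonName: "Trusted Macro Author", Organization: []string{"Example Org"}} // assumed
	serial := big.NewInt(0x1122334455)                                                           // assumed
	trustedCert, trustedKey, err := newSelfSignedCert(name, serial)
	if err != nil {
		return false, false, false, err
	}
	attackerCert, attackerKey, err := newSelfSignedCert(name, serial) // same name+serial, different key
	if err != nil {
		return false, false, false, err
	}
	trusted := []*x509.Certificate{trustedCert}
	macro := []byte("Sub Main\n  Shell(\"calc\")\nEnd Sub") // constructed sample macro body
	attackerSig, err1 := signMacro(macro, attackerKey)
	genuineSig, err2 := signMacro(macro, trustedKey)
	if err1 != nil || err2 != nil {
		return false, false, false, fmt.Errorf("signing failed: %v %v", err1, err2)
	}
	return isTrustedLegacy(attackerCert, trusted),
		isTrustedFixed(macro, attackerSig, attackerCert, trusted),
		isTrustedFixed(macro, genuineSig, trustedCert, trusted), nil
}

func main() {
	legacy, fixedAttacker, fixedGenuine, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("legacy check trusts attacker-signed macro: %v\n", legacy)
	fmt.Printf("fixed check trusts attacker-signed macro:  %v\n", fixedAttacker)
	fmt.Printf("fixed check trusts genuinely signed macro: %v\n", fixedGenuine)
}
```

Comparing the full DER (or a SHA-256 fingerprint of it) rather than issuer and serial is the key change: issuer and serial are plain fields any self-signed certificate can carry, whereas the fingerprint pins the exact key, and the signature verification then proves possession of that key over the macro bytes.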
CVSS Scores

Two CVSS v3.1 base vectors are listed for this CVE; they differ only in Privileges Required.

Metric                Vector 1                                   Vector 2
Attack Vector         Network                                    Network
Attack Complexity     High                                       High
Privileges Required   None                                       Low
User Interaction      Required                                   Required
Scope                 Unchanged                                  Unchanged
Confidentiality       High                                       High
Integrity             High                                       High
Availability          High                                       High

Vector 1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 7.5, the score shown above)
Vector 2: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (base score computes to 7.1)

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-02-28 CVE Reserved
  • 2022-07-25 CVE Published
  • 2024-02-15 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions

Vendor        Product       Version             Other   Status
Libreoffice   Libreoffice   >= 7.2.0 < 7.2.7    -       Affected
Libreoffice   Libreoffice   >= 7.3.0 < 7.3.2    -       Affected

Note: the CPE range for the 7.3 branch ends at 7.3.2, while the vendor description above states that 7.3 versions prior to 7.3.1 are affected.