CVE-2022-26488

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

En Python versiones anteriores a 3.10.3 en Windows, los usuarios locales pueden alcanzar privilegios porque la ruta de búsqueda no está asegurada apropiadamente. El instalador puede permitir a un atacante local añadir directorios escribibles por el usuario a la ruta de búsqueda del sistema. Para explotarla, un administrador debe haber instalado Python para todos los usuarios y habilitar las entradas PATH. Un usuario no administrador puede desencadenar una reparación que añada incorrectamente rutas escribibles por el usuario en el PATH, permitiendo el secuestro de la ruta de búsqueda de otros usuarios y servicios del sistema. Esto afecta a Python (CPython) versiones hasta 3.7.12, versiones 3.8.x hasta 3.8.12, versiones 3.9.x hasta 3.9.10, y versiones 3.10.x hasta 3.10.2

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-03-06 CVE Reserved
2022-03-07 CVE Published
2023-03-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-426: Untrusted Search Path

CAPEC

References (2)

URL	Tag	Source
https://mail.python.org/archives/list/security-announce%40python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN	X_refsource_misc
https://security.netapp.com/advisory/ntap-20220419-0005	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	<= 3.7.12 Search vendor "Python" for product "Python" and version " <= 3.7.12"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	>= 3.8.0 <= 3.8.12 Search vendor "Python" for product "Python" and version " >= 3.8.0 <= 3.8.12"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	>= 3.9.0 <= 3.9.10 Search vendor "Python" for product "Python" and version " >= 3.9.0 <= 3.9.10"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	>= 3.10.0 <= 3.10.2 Search vendor "Python" for product "Python" and version " >= 3.10.0 <= 3.10.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha2	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha3	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha4	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha5	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Python Search vendor "Python"	Python Search vendor "Python" for product "Python"	3.11.0 Search vendor "Python" for product "Python" and version "3.11.0"	alpha6	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		windows		Affected
Netapp Search vendor "Netapp"		Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"				-		-		Affected