The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Netapp
  • H700s
  • A700s Firmware
  • Snapcenter
  • H700e
  • A250
  • Fas 500f Firmware
  • Aff 8300
  • H500s
  • H410s Firmware
  • Aff A400
  • H300e Firmware
  • H500s Firmware
  • H300s Firmware
  • H700s Firmware
  • Fas 8700 Firmware
  • A700s
  • Active Iq Unified Manager
  • Solidfire\, Enterprise Sds \& Hci Storage Node
  • Aff 8300 Firmware
  • Smi-s Provider
  • Aff 8700 Firmware
  • Fas 500f
  • A250 Firmware
  • Oncommand Insight
  • Clustered Data Ontap Antivirus Connector
  • Aff A400 Firmware
  • H500e
  • Clustered Data Ontap
  • Fas 8300
  • H700e Firmware
  • Fas 8700
  • Fabric-attached Storage A400
  • H300e
  • H300s
  • Fabric-attached Storage A400 Firmware
  • Santricity Smi-s Provider
  • Aff 500f Firmware
  • Aff 8700
  • Snapmanager
  • Oncommand Workflow Automation
  • H410s
  • Fas 8300 Firmware
  • H500e Firmware
  • Solidfire \& Hci Management Node
  • Aff 500f
Oracle
  • Enterprise Manager Ops Center
  • Mysql Server
  • Mysql Workbench
Debian
  • Debian Linux
Openssl
  • Openssl
Fedoraproject
  • Fedora

Configuration 1 [-]

OR cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*

Configuration 21 [-]

OR cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*

Configuration 22 [-]

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 Third Party Advisory
https://security.gentoo.org/glsa/202210-02 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0009/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5139 Third Party Advisory
https://www.openssl.org/news/secadv/20220503.txt Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: openssl

Published: 2022-05-03T00:00:00

Updated: 2023-02-14T00:00:00

Reserved: 2022-04-11T00:00:00

Link: CVE-2022-1292

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-05-03T16:15:18.823

Modified: 2023-11-07T03:41:52.740

Link: CVE-2022-1292

JSON object: View

cve-icon Redhat Information

No data.

CWE