CVE-2022-1292
Description
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
38.986
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-1292 are fixed in OpenSSL (x64) 1.0.2ze | Windows |
| Vulnerabilities CVE-2022-1292 are fixed in OpenSSL 1.0.2ze | Windows |
| Vulnerabilities CVE-2022-1292 are fixed in OpenSSL (x64) 1.1.1o | Windows |
| Vulnerabilities CVE-2022-1292 are fixed in OpenSSL 1.1.1o | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292 are fixed in OpenSSL (x64) 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292 are fixed in OpenSSL 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL (64-bit) 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL (MSI)(x64) 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL (MSI)(x86) 3.0.3 | Windows |
| Vulnerabilities CVE-2018-25032,CVE-2022-1292,CVE-2022-21515,CVE-2022-27778 are affected in Mysql 5.7.38 | Windows |
| Multiple vulnerabilities are affected in Mysql 8.0.29 | Windows |
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 6.6.6 | Windows |
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.1.1 | Windows |
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.0.4 | Windows |
| Vulnerabilities CVE-2022-1292,CVE-2022-23308 are affected in MySQL Workbench Enterprise Edition 8.0.29 | Windows |
| Vulnerabilities CVE-2022-1292,CVE-2022-23308 are affected in MySQL Workbench CE (x64) 8.0.29 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL Light 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL Light (x64) 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL Library 3.0.3 | Windows |
| Vulnerabilities CVE-2022-1473,CVE-2022-1434,CVE-2022-1343,CVE-2022-1292,CVE-2022-3786 are fixed in OpenSSL Library x86 3.0.3 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl3_3.0.2-0ubuntu1.5_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl3_3.0.2-0ubuntu1.5_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1l-1ubuntu1.5_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1l-1ubuntu1.5_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1f-1ubuntu2.15_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1f-1ubuntu2.15_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.19_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.19_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.0.0_1.0.2n-1ubuntu5.10_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5402-1) libssl1.0.0_1.0.2n-1ubuntu5.10_amd64.deb | Linux |
| openssl security update(DSA-5139-1) openssl_1.1.1n-0+deb10u2_i386.deb | Linux |
| openssl security update(DSA-5139-1) openssl_1.1.1n-0+deb10u2_amd64.deb | Linux |
| openssl security update(DSA-5139-1) openssl_1.1.1n-0+deb11u2_amd64.deb | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-hmac-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-hmac-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debuginfo-1.1.1d-2.66.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2182-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debugsource-1.1.1d-2.66.1.x86_64.rpm | Linux |
| Openssl update (ELSA-2022-5818) openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux |
| Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux |
| Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2022-5818) openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl update (ELSA-2022-6224) openssl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.i686.rpm | Linux |
| Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.i686.rpm | Linux |
| Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2022-6224) openssl-perl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl-1_1-devel-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-32bit-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-hmac-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openssl-1_1-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openssl-1_1-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2251-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openssl-1_1-debugsource-1.1.1d-150200.11.48.1.x86_64.rpm | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode72_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs-doc_12.22.9~dfsg-1ubuntu3.1_all.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode-dev_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| UEFI firmware for virtual machines (USN-7060-1) ovmf_0~20191122.bd85bf54-2ubuntu3.6_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) ovmf_2022.02-3ubuntu0.22.04.3_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) ovmf-ia32_2022.02-3ubuntu0.22.04.3_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) qemu-efi-aarch64_0~20191122.bd85bf54-2ubuntu3.6_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) qemu-efi-aarch64_2022.02-3ubuntu0.22.04.3_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) qemu-efi-arm_0~20191122.bd85bf54-2ubuntu3.6_all.deb | Linux |
| UEFI firmware for virtual machines (USN-7060-1) qemu-efi-arm_2022.02-3ubuntu0.22.04.3_all.deb | Linux |
| Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2022-1292) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-347137 | MySQL Workbench CE (x64) (8.0.42) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |