Description

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

INFO

Published Date :

May 3, 2022, 4:15 p.m.

Last Modified :

Nov. 21, 2024, 6:40 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2022-1292 has a 19 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2022-1292 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netapp active_iq_unified_manager
2 Netapp a700s_firmware
3 Netapp solidfire_\&_hci_management_node
4 Netapp oncommand_insight
5 Netapp oncommand_workflow_automation
6 Netapp snapcenter
7 Netapp snapmanager
8 Netapp h300s_firmware
9 Netapp h500s_firmware
10 Netapp h700s_firmware
11 Netapp h410s_firmware
12 Netapp clustered_data_ontap
13 Netapp solidfire\,_enterprise_sds_\&_hci_storage_node
14 Netapp a250_firmware
15 Netapp clustered_data_ontap_antivirus_connector
16 Netapp smi-s_provider
17 Netapp santricity_smi-s_provider
18 Netapp fas_8300_firmware
19 Netapp fas_8700_firmware
20 Netapp aff_8300_firmware
21 Netapp aff_8700_firmware
22 Netapp aff_a400_firmware
23 Netapp h300s
24 Netapp h410s
25 Netapp h500s
26 Netapp h700s
27 Netapp fabric-attached_storage_a400_firmware
28 Netapp h300e_firmware
29 Netapp h500e_firmware
30 Netapp h700e_firmware
31 Netapp aff_500f_firmware
32 Netapp fas_500f_firmware
33 Netapp h300e
34 Netapp h500e
35 Netapp h700e
36 Netapp fas_8300
37 Netapp fas_8700
38 Netapp a700s
39 Netapp a250
40 Netapp aff_a400
41 Netapp aff_8300
42 Netapp aff_8700
43 Netapp fabric-attached_storage_a400
44 Netapp aff_500f
45 Netapp fas_500f
1 Oracle enterprise_manager_ops_center
2 Oracle mysql_workbench
3 Oracle mysql_server
1 Fedoraproject fedora
1 Debian debian_linux
1 Openssl openssl
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-1292.

URL Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 Third Party Advisory
https://security.gentoo.org/glsa/202210-02 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0009/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5139 Third Party Advisory
https://www.openssl.org/news/secadv/20220503.txt Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 Third Party Advisory
https://security.gentoo.org/glsa/202210-02 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0009/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5139 Third Party Advisory
https://www.openssl.org/news/secadv/20220503.txt Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Dockerfile Roff Java

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Oct. 7, 2024, 8:52 a.m. This repo has been linked 127 different CVEs too.

All CVE - PoC in GitHub

poc proofofconcept tester allcve cvegithub cvenew cvepoc cveupdate

Updated: 1 month, 2 weeks ago
8 stars 3 fork 3 watcher
Born at : March 22, 2024, 3:58 p.m. This repo has been linked 928 different CVEs too.

None

Updated: 9 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : March 11, 2024, 1:21 p.m. This repo has been linked 930 different CVEs too.

Set of CVE presentations for Hacking101

Updated: 1 year ago
0 stars 0 fork 0 watcher
Born at : Nov. 29, 2023, 12:50 a.m. This repo has been linked 4 different CVEs too.

None

Updated: 1 year, 8 months ago
0 stars 2 fork 2 watcher
Born at : April 8, 2023, 6:19 a.m. This repo has been linked 923 different CVEs too.

None

Updated: 2 weeks, 1 day ago
6 stars 0 fork 0 watcher
Born at : Feb. 23, 2023, 5:42 a.m. This repo has been linked 462 different CVEs too.

None

Updated: 10 months, 1 week ago
20 stars 3 fork 3 watcher
Born at : Feb. 14, 2023, 6:10 p.m. This repo has been linked 921 different CVEs too.

None

Perl DIGITAL Command Language C Shell Assembly M4 eC Python C++ sed

Updated: 2 weeks, 2 days ago
112 stars 42 fork 42 watcher
Born at : Dec. 7, 2022, 7:08 a.m. This repo has been linked 6 different CVEs too.

None

Updated: 10 months ago
2 stars 2 fork 2 watcher
Born at : Nov. 25, 2022, 5:43 p.m. This repo has been linked 930 different CVEs too.

Automation to validate the impact of the vulnerability CVE-2022-1292 on a specific system.

Shell

Updated: 1 month, 3 weeks ago
5 stars 0 fork 0 watcher
Born at : Sept. 13, 2022, 10:01 p.m. This repo has been linked 1 different CVEs too.

OpenSSL

Shell

Updated: 1 year, 5 months ago
6 stars 0 fork 0 watcher
Born at : Sept. 1, 2022, 7 a.m. This repo has been linked 1 different CVEs too.

None

Perl DIGITAL Command Language C Shell Assembly M4 eC Python C++ sed

Updated: 2 years, 3 months ago
1 stars 0 fork 0 watcher
Born at : July 26, 2022, 11:33 a.m. This repo has been linked 1 different CVEs too.

Third party components security advisories

HTML CSS

Updated: 1 year, 5 months ago
1 stars 0 fork 0 watcher
Born at : July 18, 2022, 7:03 p.m. This repo has been linked 9 different CVEs too.

None

Python Dockerfile Shell

Updated: 1 year, 6 months ago
0 stars 1 fork 1 watcher
Born at : June 21, 2022, 2:35 p.m. This repo has been linked 2 different CVEs too.

CVE-2022-1292 OpenSSL c_rehash Vulnerability

Dockerfile Shell

Updated: 2 weeks, 4 days ago
5 stars 1 fork 1 watcher
Born at : May 30, 2022, 4:59 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-1292 vulnerability anywhere in the article.

  • The Hacker News
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), ... Read more

Published Date: Dec 11, 2024 (1 week, 4 days ago)

The following table lists the changes that have been made to the CVE-2022-1292 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
    Added Reference https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
    Added Reference https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
    Added Reference https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
    Added Reference https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011
    Added Reference https://security.gentoo.org/glsa/202210-02
    Added Reference https://security.netapp.com/advisory/ntap-20220602-0009/
    Added Reference https://security.netapp.com/advisory/ntap-20220729-0004/
    Added Reference https://www.debian.org/security/2022/dsa-5139
    Added Reference https://www.openssl.org/news/secadv/20220503.txt
    Added Reference https://www.oracle.com/security-alerts/cpujul2022.html
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 [No types assigned]
    Added Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 [No types assigned]
    Added Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb [No types assigned]
    Added Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ [No types assigned]
    Added Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ [No types assigned]
    Removed Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
    Removed Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
    Removed Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb
    Removed Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
    Removed Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
  • CVE Modified by [email protected]

    Feb. 14, 2023

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf [No Types Assigned]
  • Modified Analysis by [email protected]

    Oct. 21, 2022

    Action Type Old Value New Value
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html No Types Assigned https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ Mailing List, Third Party Advisory
    Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 Third Party Advisory
    Changed Reference Type https://security.gentoo.org/glsa/202210-02 No Types Assigned https://security.gentoo.org/glsa/202210-02 Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20220602-0009/ No Types Assigned https://security.netapp.com/advisory/ntap-20220602-0009/ Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20220729-0004/ No Types Assigned https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2022/dsa-5139 No Types Assigned https://www.debian.org/security/2022/dsa-5139 Third Party Advisory
    Changed Reference Type https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* *cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:* *cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.7.38 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.0.29 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Oct. 16, 2022

    Action Type Old Value New Value
    Added Reference https://security.gentoo.org/glsa/202210-02 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 29, 2022

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20220729-0004/ [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 25, 2022

    Action Type Old Value New Value
    Added Reference https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 14, 2022

    Action Type Old Value New Value
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 [No Types Assigned]
  • CVE Modified by [email protected]

    Jun. 29, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ [No Types Assigned]
  • CVE Modified by [email protected]

    Jun. 23, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ [No Types Assigned]
  • CVE Modified by [email protected]

    Jun. 02, 2022

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20220602-0009/ [No Types Assigned]
  • CVE Modified by [email protected]

    May. 18, 2022

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2022/dsa-5139 [No Types Assigned]
  • CVE Modified by [email protected]

    May. 15, 2022

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html [No Types Assigned]
  • Initial Analysis by [email protected]

    May. 11, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 No Types Assigned https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 Mailing List, Patch, Vendor Advisory
    Changed Reference Type https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb No Types Assigned https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb Broken Link
    Changed Reference Type https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 No Types Assigned https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mailing List, Patch, Vendor Advisory
    Changed Reference Type https://www.openssl.org/news/secadv/20220503.txt No Types Assigned https://www.openssl.org/news/secadv/20220503.txt Vendor Advisory
    Added CWE NIST CWE-78
    Added CPE Configuration OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2ze *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1o *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.3
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-1292 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

5.75 }} -5.08%

score

0.93263

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability