{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T11:14:13.976","vulnerabilities":[{"cve":{"id":"CVE-2022-2068","sourceIdentifier":"openssl-security@openssl.org","published":"2022-06-21T15:15:09.060","lastModified":"2025-11-03T22:15:58.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."},{"lang":"es","value":"Además de una inyección de comandos de shell c_rehash identificada en CVE-2022-1292, se encontraron otras circunstancias en las que el script c_rehash no sanea adecuadamente los metacaracteres de shell para evitar la inyección de comandos mediante la revisión del código. Cuando fue corregida la CVE-2022-1292 no ha sido detectado que se presentan otros lugares en el script en los que los nombres de archivo de los certificados a los que es aplicado el hash son pasados posiblemente a un comando ejecutado mediante el shell. Este script es distribuido por algunos sistemas operativos de manera que es ejecutado automáticamente. En dichos sistemas operativos, un atacante podría ejecutar comandos arbitrarios con los privilegios del script. El uso del script c_rehash es considerado obsoleto y debe ser sustituido por la herramienta de línea de comandos OpenSSL rehash. Corregido en OpenSSL versión 3.0.4 (Afectados 3.0.0,3.0.1,3.0.2,3.0.3). Corregido en OpenSSL versión 1.1.1p (Afectado 1.1.1-1.1.1o). Corregido en OpenSSL versión 1.0.2zf (Afectado 1.0.2-1.0.2ze)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zf","matchCriteriaId":"C9B6EB2C-EF9B-44AF-B083-BF59B8107801"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1p","matchCriteriaId":"5EAA5CAF-1DE6-4730-9E07-9E6594A5D6BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.4","matchCriteriaId":"4188DBDA-354F-4939-904D-0A9F8A8AB703"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0","matchCriteriaId":"C89891C1-DFD7-4E1F-80A9-7485D86A15B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*","matchCriteriaId":"4664B195-AF14-4834-82B3-0B2C98020EB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*","matchCriteriaId":"75BC588E-CDF0-404E-AD61-02093A1DF343"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*","matchCriteriaId":"A334F7B4-7283-4453-BAED-D2E01B7F8A6E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","matchCriteriaId":"85DF4B3F-4BBC-42B7-B729-096934523D63"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*","matchCriteriaId":"759D1A24-B23B-404E-AD39-F18D7DBAD501"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*","matchCriteriaId":"361B791A-D336-4431-8F68-8135BEFFAEA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*","matchCriteriaId":"4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*","matchCriteriaId":"80774A35-B0B8-4F9C-99CA-23849978D158"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5921A877-18BF-43FE-915C-D226E140ACFC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*","matchCriteriaId":"7296A1F2-D315-4FD5-8A73-65C480C855BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*","matchCriteriaId":"F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"89612649-BACF-4FAC-9BA4-324724FD93A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*","matchCriteriaId":"F3D9B255-C1AF-42D1-BF9B-13642FBDC080"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","matchCriteriaId":"CDDF61B7-EC5C-467C-B710-B89F502CD04F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D5CDADAB-72A5-4526-8432-E6C9AC56B29F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*","matchCriteriaId":"E64576DE-90F0-4F5E-9C82-AB745CFEDBB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EF5AFE69-7990-4F80-9E63-D8AD58AA3A2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*","matchCriteriaId":"6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CAA3A789-79F7-4DC8-9722-3958A3162EB4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*","matchCriteriaId":"18C138F0-706F-44A8-880E-133F66DE164A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA79D39A-A5F2-4C44-A805-5113065F8C25"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*","matchCriteriaId":"4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70ECC434-DF20-49A6-B4CF-D5CCA480E57D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*","matchCriteriaId":"232DC609-8023-41F9-8CE3-1B31CE2F2D93"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E70A56-DBA8-45C7-8C49-1A036501156F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*","matchCriteriaId":"E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/","source":"openssl-security@openssl.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","source":"openssl-security@openssl.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220707-0008/","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5169","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv/20220621.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2024/Nov/0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220707-0008/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv/20220621.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}