Support Content Notification - Support Portal

(CVE-2022-1292) - The c_rehash script allows command injection. (BSA-2022-1846)

Product/Component

Brocade Fabric OS

1 more products

Notification Id

21209

Last Updated

20 March 2023

Initial Publication Date

15 August 2022

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

Base Score: 9.8. CRITICAL -Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WorkAround

N/A

Affected CVE

CVE-2022-1292

Summary

Security Advisory ID: BSA-2022-1846

Component: OpenSSL

Revision: 2.0

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Products Confirmed Not Vulnerable

Brocade Fabric OS.
Brocade ASCG.
Brocade SANnav.

Revision History

Version	Change	Date
1.0	Initial Publication	Aug 15, 2022
2.0	SANnav status updated	Dec 2, 2022
3.0	Title update	March 20, 2023