CVSS3 | 8.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CVSS2 | 6.8 Medium |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS | 0.002 Low |
---|---|
Percentile | 55.6% |

Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

By placing a specially-crafted openssl.cnf in a location used by Tychon, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Tychon software installed.

This issue is addressed in Tychon 1.7.857.82.
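
To check a host for the condition described above, the following PowerShell audit reports whether broad, unprivileged groups can write to an OPENSSLDIR location, or create it where it does not yet exist. It is an added example, not code from this advisory or from Tychon. The default path is a placeholder for the OPENSSLDIR value of the build under review, and the list of groups treated as unprivileged is an assumption.

```powershell
# Added example (not vendor code): report whether broad, unprivileged groups can
# write to an OPENSSLDIR location or create it where it is missing.
param(
    # Placeholder path: pass the OPENSSLDIR value built into the OpenSSL component under review.
    [string]$OpenSslDir = 'C:\placeholder\openssl-dir'
)

# Well-known SIDs of groups that include ordinary users (assumed scope of "unprivileged").
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Bits that allow adding or replacing files, creating subdirectories, or rewriting
# the ACL, plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$Rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$Mask   = [int]$Rights -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce([string]$Path) {
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only ACEs apply to children, not to $Path itself. Deny ACEs are not evaluated here.
        $inheritOnly = $ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)
        if ($ace.AccessControlType -eq 'Allow' -and -not $inheritOnly -and
            $BroadSids.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $Mask)) {
            [pscustomobject]@{ Path = $Path; Principal = $BroadSids[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}

# A missing OPENSSLDIR is still exposed if a user can create it, so walk up to the
# nearest ancestor that exists and check who may create entries there.
$dir = $OpenSslDir
while ($dir -and -not (Test-Path -LiteralPath $dir -PathType Container)) {
    $dir = [System.IO.Path]::GetDirectoryName($dir)
}
if (-not $dir) { throw "No existing ancestor found for $OpenSslDir" }

$targets = @($dir)
$cnf = Join-Path $OpenSslDir 'openssl.cnf'
if (Test-Path -LiteralPath $cnf -PathType Leaf) { $targets += $cnf }

$findings = @($targets | ForEach-Object { Get-BroadWriteAce $_ })
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { "No broad write access found on: $($targets -join ', ')" }
```

Any row in the output means an ordinary user can influence the configuration file a privileged service would load from that path, so the ACL should be tightened on hosts that cannot yet take the fixed version.
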
This document was written by Will Dormann.
730007
Notified: 2022-03-10 Updated: 2022-04-28
Statement Date: April 27, 2022
CVE-2022-26872 | Affected |
---|
CVE-2022-26872 has been resolved with an update to the OpenSSL library TYCHON uses. The TYCHON Endpoint version 1.7.857.82 contains the fix to this vulnerability.
CVE IDs: | CVE-2022-26872 |
---|---|
Date Public: | 2022-04-28 Date First Published: |