8 matches found
CVE-2022-4991
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
CVE-2022-4991
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
CVE-2022-4991 Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
CVE-2022-4991
The CVE-2022-4991 issue affects Tychon on Windows where an OpenSSL OPENSSLDIR subdirectory can be controlled by an unprivileged user. A privileged service in Tychon uses this OpenSSL component, and a user who can place a crafted openssl.cnf at a specific path may execute arbitrary code with SYSTE...
Tychon 安全漏洞
Tychon is a terminal security analysis and management platform developed by the American company Tychon. There is a security vulnerability in Tychon, which stems from the OPENSSLDIR variable in the OpenSSL component potentially being controlled by non-privileged users. This vulnerability could...
The vulnerability of the OpenSSL library in the TYCHON network endpoint management tool allows a hacker to execute arbitrary code with SYSTEM privileges.
The vulnerability of the OpenSSL library used by the TYCHON network endpoint management tool is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a attacker to execute arbitrary code with SYSTEM privileges using a special...
PT-2022-3562 · American Megatrends +1 · Ami Megarac +1
Name of the Vulnerable Software and Affected Versions: AMI Megarac affected versions not specified Description: The issue is related to the interception of password reset requests via API. There is also a mention of a vulnerability in the OpenSSL library used by the TYCHON network endpoint...
Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory...