Intrusion PreventionOpenSSL.c_rehash.Script.CVE-2022-2068.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in OpenSSL Project OpenSSL.
The vulnerability is due to improper validation of shell metacharacters. A remote attacker could exploit the vulnerability by enticing the target user to parse malicious files. Successful exploitation could result in command execution within the context of the target user.
Affected Products
OpenSSL Project OpenSSL 3.0.x prior to 3.0.4
OpenSSL Project OpenSSL prior to 1.1.1p
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20220621.txt
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-10-05 | 25.651 | Sig Added |
| 2023-05-23 | 23.560 | Sig Added |
| 2022-09-08 | 22.388 | Default_action:pass:drop |
| 2022-07-14 | 21.356 |
| ID | 51804 |
| Created | Jul 06, 2022 |
| Updated | Oct 04, 2023 |
| Risk |
|
| CVE ID | CVE-2022-2068 |
| Exploit Prediction Score | 8.51% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | Other |