OpenSSL Command Injection Vulnerability (CVE-2022-1292)
Advisory ID: WGSA-2022-00012
CVE: CVE-2022-1292
Impact: Medium
Status: Resolved
Product Family: Firebox, Dimension, WatchGuard Cloud, Secure Wi-Fi
Published Date:
Updated Date:
Workaround Available: True
CVSS Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
On May 3, 2022, OpenSSL published a security advisory disclosing a command injection vulnerability in the c_rehash script included with the library. Some operating systems automatically execute this script as part of normal operations, which could allow an attacker to execute arbitrary commands with elevated privileges.
WatchGuard is investigating its product line to determine which products or cloud services may be affected by this vulnerability.
Affected
Product | Affected Version(s) |
---|---|
Firebox | Not impacted |
WSM | Not impacted |
Dimension | Mitigated via automatically applied security updates |
WatchGuard Cloud | Not impacted |
DNSWatch | Resolved |
Cloud Wi-Fi APs | Not impacted |
Endpoint Clients | Not impacted |
Resolution
Product | Status | Fixed Version(s) |
---|---|---|
Dimension | Resolved | Dimension automatically installs security updates and has updated OpenSSL to a non-vulnerable version |
DNSWatch | Resolved | DNSWatch engineering deployed a fix to mitigate CVE-2022-1292 in our cloud environment |
References
Advisory Product List
Product Family | Product Branch | Product List |
---|---|---|
Firebox | Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox | Fireware OS 12.5.x | T15, T35 |
Dimension | Dimension | Dimension |
WatchGuard Cloud | WatchGuard Cloud | WatchGuard Cloud |
Secure Wi-Fi | Wi-Fi 4 & 5 | AP125, AP225W, AP325, AP327X, AP420 |
Secure Wi-Fi | Wi-Fi 6 | AP130, AP330, AP332CR, AP430CR, AP432 |