CVE-2022-2068: Command injection in OpenSSL OpenSSL
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
AI Analysis
Technical Summary
CVE-2022-2068 is a critical command injection vulnerability found in the c_rehash script distributed with OpenSSL versions 3.0.0 through 3.0.3, 1.1.1 through 1.1.1o, and 1.0.2 through 1.0.2ze. The vulnerability arises because the c_rehash script does not properly sanitize shell metacharacters in certificate file names before passing them to shell commands. This improper sanitization allows an attacker to inject arbitrary shell commands that will be executed with the privileges of the script. The c_rehash script is used to create symbolic links to hashed certificate files, and on some operating systems, it is automatically executed, increasing the risk of exploitation. The vulnerability is a variant of CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and was discovered during code review following a previous related vulnerability (CVE-2022-1292). The issue has been fixed by replacing the c_rehash script with the OpenSSL rehash command line tool in OpenSSL versions 3.0.4, 1.1.1p, and 1.0.2zf. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported yet, but the high severity and ease of exploitation make this a significant threat.
Potential Impact
For European organizations, this vulnerability poses a severe risk due to the widespread use of OpenSSL in servers, network appliances, and various software stacks. Exploitation could lead to full system compromise, allowing attackers to execute arbitrary commands remotely without authentication or user interaction. This could result in data breaches, service disruptions, and lateral movement within networks. Organizations relying on automated certificate management or systems that invoke the c_rehash script automatically are particularly vulnerable. Given OpenSSL's integral role in securing communications and cryptographic operations, exploitation could undermine trust in secure channels and expose sensitive information. The vulnerability's critical nature means that attackers could leverage it to gain persistent footholds or disrupt critical infrastructure, which is especially concerning for sectors like finance, healthcare, and government within Europe.
Mitigation Recommendations
European organizations should immediately verify if their systems use affected OpenSSL versions and the c_rehash script. They must upgrade to patched versions: OpenSSL 3.0.4, 1.1.1p, or 1.0.2zf as appropriate. Systems should replace usage of the obsolete c_rehash script with the supported OpenSSL rehash command line tool. Additionally, organizations should audit automated processes that invoke c_rehash to ensure they do not execute untrusted certificate files or filenames containing shell metacharacters. Implementing strict input validation and sanitization on certificate file names is critical. Where upgrading is not immediately possible, restricting execution permissions of the c_rehash script and isolating systems that run it can reduce risk. Monitoring logs for unusual command execution patterns related to certificate hashing operations can help detect exploitation attempts. Finally, organizations should review their incident response plans to quickly address any signs of compromise related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
CVE-2022-2068: Command injection in OpenSSL OpenSSL
Description
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
AI-Powered Analysis
Technical Analysis
CVE-2022-2068 is a critical command injection vulnerability found in the c_rehash script distributed with OpenSSL versions 3.0.0 through 3.0.3, 1.1.1 through 1.1.1o, and 1.0.2 through 1.0.2ze. The vulnerability arises because the c_rehash script does not properly sanitize shell metacharacters in certificate file names before passing them to shell commands. This improper sanitization allows an attacker to inject arbitrary shell commands that will be executed with the privileges of the script. The c_rehash script is used to create symbolic links to hashed certificate files, and on some operating systems, it is automatically executed, increasing the risk of exploitation. The vulnerability is a variant of CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and was discovered during code review following a previous related vulnerability (CVE-2022-1292). The issue has been fixed by replacing the c_rehash script with the OpenSSL rehash command line tool in OpenSSL versions 3.0.4, 1.1.1p, and 1.0.2zf. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported yet, but the high severity and ease of exploitation make this a significant threat.
Potential Impact
For European organizations, this vulnerability poses a severe risk due to the widespread use of OpenSSL in servers, network appliances, and various software stacks. Exploitation could lead to full system compromise, allowing attackers to execute arbitrary commands remotely without authentication or user interaction. This could result in data breaches, service disruptions, and lateral movement within networks. Organizations relying on automated certificate management or systems that invoke the c_rehash script automatically are particularly vulnerable. Given OpenSSL's integral role in securing communications and cryptographic operations, exploitation could undermine trust in secure channels and expose sensitive information. The vulnerability's critical nature means that attackers could leverage it to gain persistent footholds or disrupt critical infrastructure, which is especially concerning for sectors like finance, healthcare, and government within Europe.
Mitigation Recommendations
European organizations should immediately verify if their systems use affected OpenSSL versions and the c_rehash script. They must upgrade to patched versions: OpenSSL 3.0.4, 1.1.1p, or 1.0.2zf as appropriate. Systems should replace usage of the obsolete c_rehash script with the supported OpenSSL rehash command line tool. Additionally, organizations should audit automated processes that invoke c_rehash to ensure they do not execute untrusted certificate files or filenames containing shell metacharacters. Implementing strict input validation and sanitization on certificate file names is critical. Where upgrading is not immediately possible, restricting execution permissions of the c_rehash script and isolating systems that run it can reduce risk. Monitoring logs for unusual command execution patterns related to certificate hashing operations can help detect exploitation attempts. Finally, organizations should review their incident response plans to quickly address any signs of compromise related to this vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- openssl
- Date Reserved
- 2022-06-13T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d981ec4522896dcbdc175
Added to database: 5/21/2025, 9:08:46 AM
Last enriched: 7/3/2025, 11:28:19 AM
Last updated: 2/7/2026, 3:08:40 PM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2088: SQL Injection in PHPGurukul Beauty Parlour Management System
MediumCVE-2026-2087: SQL Injection in SourceCodester Online Class Record System
MediumCVE-2026-2086: Buffer Overflow in UTT HiPER 810G
HighCVE-2026-2085: Command Injection in D-Link DWR-M921
HighCVE-2026-2084: OS Command Injection in D-Link DIR-823X
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.