CVE-2022-1343: Improper Certificate Validation in OpenSSL

Severity
NVD: 5.3 MEDIUM
OSV: 7.3
EPSS: 0.3% (top 51.57%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 3
Latest update: Sep 4

Description

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (6 packages)

NVD: openssl/openssl, affected from 3.0.0, fixed in 3.0.3
Alpine: openssl/openssl < 3.0.3-r0 (+6 more)
Ubuntu: openssl/openssl < 1.1.1-1ubuntu2.1~18.04.17 (+2 more)
CVEListV5: openssl/openssl, fixed in OpenSSL 3.0.3 (affected 3.0.0, 3.0.1, 3.0.2)

Vulnerability Details (5)

OSV (2022-05-04): openssl, openssl1.0 vulnerabilities
OSV (2022-05-04): `OCSP_basic_verify` may incorrectly verify the response signing certificate
GHSA (2022-05-04): `OCSP_basic_verify` may incorrectly verify the response signing certificate
OSV (2022-05-03): CVE-2022-1343: The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response
OSV (2022-05-03): `OCSP_basic_verify` may incorrectly verify the response signing certificate

Vendor Advisories (8)

Palo Alto (2024-09-04): PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
CISA ICS (2023-06-15): Siemens SINAMICS Medium Voltage Products
CISA ICS (2023-06-15): Siemens SIMATIC S7-1500 TM MFP Linux Kernel
CISA ICS (2023-03-16): Siemens SCALANCE, RUGGEDCOM Third-Party
CISA ICS (2023-02-16): Siemens Brownfield Connectivity Client