CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hackerone.com/reports/1447455	Permissions Required
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20220915-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-14 15:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-32223

Mitre link : CVE-2022-32223

CVE.ORG link : CVE-2022-32223

JSON object : View

Products Affected

microsoft

windows

nodejs

node.js

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-32223", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2022-07-14T15:15:08.487", "references": [{"url": "https://hackerone.com/reports/1447455", "tags": ["Permissions Required"], "source": "support@hackerone.com"}, {"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and \u201cC:\\Program Files\\Common Files\\SSL\\openssl.cnf\u201d exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability."}, {"lang": "es", "value": "Node.js es vulnerable a un Flujo de Ejecuci\u00f3n de Secuestro: Secuestro de DLL bajo determinadas condiciones en plataformas Windows. Esta vulnerabilidad puede ser explotada si la v\u00edctima presenta las siguientes dependencias en una m\u00e1quina Windows:* OpenSSL ha sido instalada y \"C:\\Program Files\\Common Files\\SSL\\openssl.cnf\" se presenta. Siempre que sean dadas las condiciones anteriores, \"node.exe\" buscar\u00e1 \"providers.dll\" en el directorio actual del usuario. Despu\u00e9s, \"node.exe\" intentar\u00e1 buscar \"providers.dll\" mediante el orden de b\u00fasqueda de DLL en Windows. Es posible que un atacante coloque el archivo malicioso \"providers.dll\" en una variedad de rutas y explote esta vulnerabilidad"}], "lastModified": "2022-10-28T18:29:55.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482", "versionEndIncluding": "14.14.0", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E1789602-0D21-4A6F-A1BB-60D243AB619D", "versionEndExcluding": "14.20.0", "versionStartIncluding": "14.14.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA", "versionEndIncluding": "16.12.0", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D9B02E-C965-408B-999E-1F3DA09B62AA", "versionEndExcluding": "16.16.0", "versionStartIncluding": "16.13.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE99FBA-CF4F-4DF2-98D5-5D3ACD82A185", "versionEndExcluding": "18.0.5", "versionStartIncluding": "18.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "support@hackerone.com"}