CVE-2022-1697 - OpenCVE

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Okta	Active Directory Agent

Configuration 1 [-]

OR	cpe:2.3:a:okta:active_directory_agent:3.8.0:::::::*
	cpe:2.3:a:okta:active_directory_agent:3.9.0:::::::*
	cpe:2.3:a:okta:active_directory_agent:3.10.0:::::::*
	cpe:2.3:a:okta:active_directory_agent:3.11.0:::::::*

No data.

References

Link	Providers
https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm
https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ
https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697

History

No history.

MITRE

Status: PUBLISHED

Assigner: Okta

Published: 2022-09-06T17:18:50

Updated: 2024-08-03T00:10:03.895Z

Reserved: 2022-05-12T00:00:00

Link: CVE-2022-1697

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-06T18:15:10.493

Modified: 2022-09-16T16:25:29.213

Link: CVE-2022-1697

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Okta Active Directory Agent", "vendor": "Okta", "versions": [{"status": "affected", "version": "3.8.0, 3.9.0, 3.10.0, 3.11.0"}]}], "descriptions": [{"lang": "en", "value": "Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation."}], "problemTypes": [{"descriptions": [{"description": "Unquoted Search Path or Element", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T15:13:26", "orgId": "59b22baa-87b2-4371-8e4a-e080df12f74a", "shortName": "Okta"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697"}, {"tags": ["x_refsource_MISC"], "url": "https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@okta.com", "ID": "CVE-2022-1697", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Okta Active Directory Agent", "version": {"version_data": [{"version_value": "3.8.0, 3.9.0, 3.10.0, 3.11.0"}]}}]}, "vendor_name": "Okta"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697", "refsource": "MISC", "url": "https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697"}, {"name": "https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm", "refsource": "MISC", "url": "https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm"}, {"name": "https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ", "refsource": "MISC", "url": "https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.895Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ"}]}]}, "cveMetadata": {"assignerOrgId": "59b22baa-87b2-4371-8e4a-e080df12f74a", "assignerShortName": "Okta", "cveId": "CVE-2022-1697", "datePublished": "2022-09-06T17:18:50", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T00:10:03.895Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "442B7B70-70D7-488D-BAC4-7B060CCB1388", "vulnerable": true}, {"criteria": "cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0B869CF-7CFB-4288-B21B-C959136BE293", "vulnerable": true}, {"criteria": "cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07931E64-69B0-4081-99A8-9FF8E6989E2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8403CAC-AA6E-4B65-B02D-0DA097D9E53B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation."}, {"lang": "es", "value": "Las versiones 3.8.0 a 3.11.0 del Agente de Okta Active Directory instalan el Servicio de Actualizaci\u00f3n del Agente de Okta AD utilizando una ruta no citada. Nota: Para corregir esta vulnerabilidad, debe desinstalar el Agente de Okta Active Directory y volver a instalar el Agente de Okta Active Directory 3.12.0 o superior seg\u00fan la documentaci\u00f3n"}], "id": "CVE-2022-1697", "lastModified": "2022-09-16T16:25:29.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:10.493", "references": [{"source": "psirt@okta.com", "tags": ["Vendor Advisory"], "url": "https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm"}, {"source": "psirt@okta.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ"}, {"source": "psirt@okta.com", "tags": ["Vendor Advisory"], "url": "https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697"}], "sourceIdentifier": "psirt@okta.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}