CVE-2022-0517: Malicious File Upload
First published: Wed Feb 23 2022(Updated: )
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Mozilla VPN | <2.7.1 | 2.7.1 |
| <2.7.1 | 2.7.1 | |
| Mozilla VPN | <2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-0517?
CVE-2022-0517 is a vulnerability in Mozilla VPN that allows an attacker with limited privileges to launch arbitrary code with SYSTEM privilege.
What is affected by CVE-2022-0517?
Mozilla VPN versions earlier than 2.7.1 are affected by CVE-2022-0517.
How can an attacker exploit CVE-2022-0517?
By leveraging the ability to load an OpenSSL configuration file from an unsecured directory, an attacker with limited privileges can launch arbitrary code with SYSTEM privilege.
What is the severity of CVE-2022-0517?
CVE-2022-0517 has a severity rating of high, with a severity value of 7.
How can I fix CVE-2022-0517?
To fix CVE-2022-0517, update Mozilla VPN to version 2.7.1 or later.
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- source/Mozilla
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla mozilla vpn
- canonical/mozilla vpn