Vulnerability Name:

CVE-2022-32223 (CCN-230661)

Assigned: 2022-07-07
Published: 2022-07-07
Updated: 2022-10-28
Summary: Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:
  • OpenSSL has been installed and `C:\Program Files\Common Files\SSL\openssl.cnf` exists.
Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
CVSS v3 Severity: 7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-427
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2022-32223

Source: XF
Type: UNKNOWN
nodejs-cve202232223-priv-esc(230661)

Source: MISC
Type: Permissions Required
https://hackerone.com/reports/1447455

Source: CCN
Type: Node.js Blog, 2022-07-07
July 7th 2022 Security Releases

Source: MISC
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220915-0001/

Source: CCN
Type: IBM Security Bulletin 6603049 (Answer Retrieval for Watson Discovery)
IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS

Source: CCN
Type: IBM Security Bulletin 6610929 (Voice Gateway)
Multiple Vulnerabilities in node.js

Source: CCN
Type: IBM Security Bulletin 6611585 (Cloud Pak for Integration)
Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6613025 (App Connect Enterprise)
Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 6616293 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6619919 (Spectrum Protect Plus)
Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)

Source: CCN
Type: IBM Security Bulletin 6659671 (Spectrum Control)
IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node

Source: CCN
Type: IBM Security Bulletin 6825155 (Watson Assistant for Cloud Pak for data)
Multiple Vulnerabilities in node.js

Source: CCN
Type: IBM Security Bulletin 6825561 (Event Streams)
Multiple vulnerabilities in Node.js affect IBM Event Streams

Source: CCN
Type: IBM Security Bulletin 6833888 (Business Automation Workflow traditional)
Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Source: CCN
Type: IBM Security Bulletin 6840919 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Source: CCN
Type: IBM Security Bulletin 6841799 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js and Spring Data MongoDB

Source: CCN
Type: IBM Security Bulletin 6986505 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 16.13.0 and < 16.16.0)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 14.0.0 and <= 14.14.0)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 16.0.0 and <= 16.12.0)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 14.14.0 and < 14.20.0)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 18.0.0 and < 18.0.5)
  • AND
  • cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:nodejs:node.js:14.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
