CVE-2022-1697

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

Configurations

Configuration 1

OR cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:*

History

16 Sep 2022, 16:25

Type: CVSS
Values Removed: v2 : unknown, v3 : 4.2
Values Added: v2 : unknown, v3 : 3.9

13 Sep 2022, 18:48

Type: CVSS
Values Removed: v2 : unknown, v3 : 6.7
Values Added: v2 : unknown, v3 : 4.2

13 Sep 2022, 16:15

Type: Summary
Values Removed: Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path, which can lead to privilege escalation. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
Values Added: Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

12 Sep 2022, 18:57

Type: CVSS
Values Removed: v2 : unknown, v3 : 7.8
Values Added: v2 : unknown, v3 : 6.7

09 Sep 2022, 03:37

Type: CPE
Values Added:
cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:*

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 7.8

Type: CWE
Values Added: CWE-428

Type: References
Values Removed: (MISC) https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm
Values Added: (MISC) https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm - Vendor Advisory

Type: References
Values Removed: (MISC) https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ
Values Added: (MISC) https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ - Mitigation, Vendor Advisory

Type: References
Values Removed: (MISC) https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697
Values Added: (MISC) https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697 - Vendor Advisory

06 Sep 2022, 18:50

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-06 18:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-1697

Mitre link : CVE-2022-1697

CVE.ORG link : CVE-2022-1697



Products Affected

okta

  • active_directory_agent

CWE
CWE-428

Unquoted Search Path or Element