CVE-2022-1697

Published: Sep 6, 2022Modified: Nov 21, 2024

3.9

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 0.5 / Impact: 3.4

Source: NVD

Description

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

Affected (4)

Products: Okta: Active Directory Agent

1 product

Active Directory Agent

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Okta Active Directory Agent	Version 3.10.0
Okta Active Directory Agent	Version 3.11.0
Okta Active Directory Agent	Version 3.8.0
Okta Active Directory Agent	Version 3.9.0

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (6)

https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm

Source: psirt@okta.com

Vendor Advisory

https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ

Source: psirt@okta.com

MitigationVendor Advisory

https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697

Source: psirt@okta.com

Vendor Advisory

https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.