1 min read

Mitigation Instructions for CVE-2022-2068

Mitigation Instructions for CVE-2022-2068

SUBJECT: Action Required: OpenSSL 1.1.1 Vulnerability Mitigation


DATE(S) ISSUED: 06/21/2022



OVERVIEW: This advisory outlines necessary actions to address a critical vulnerability in OpenSSL versions prior to 1.1.1p, identified under CVE-2022-2068. The vulnerability stems from improper sanitation of shell metacharacters by the c_rehash script, potentially leading to command injection attacks. This document details the vulnerability and provides steps for mitigation to safeguard your systems against potential exploits.


  • CVE-2022-2068 concerns a scenario where the c_rehash script, used for rehashing SSL certificates, fails to properly sanitize input. This flaw could allow an attacker to execute arbitrary commands with the script's privileges. The issue also extends to OpenSSL versions 3.0.0 through 3.0.3 and 1.0.2 through 1.0.2ze.
  • The use of c_rehash is deemed obsolete, with the recommendation to use the OpenSSL rehash command line tool instead.


  • Immediate Upgrade: Update to OpenSSL version 1.1.1p or newer. This update addresses the vulnerability and ensures enhanced security measures are in place.
  • Discontinue c_rehash Usage: Transition to using the rehash tool for certificate hashing tasks to avoid the vulnerabilities associated with c_rehash.


  • Severity: Critical, with a CVSS v3 base score of 9.8, indicating a high risk of exploitability.
  • Exploit Availability: Yes. Exploits for this vulnerability are known to be available, making immediate action crucial.
  • Patch Publication Date: 06/21/2022


  • Verify the successful upgrade of OpenSSL by checking the installed version.
  • Confirm the discontinuation of c_rehash in favor of the recommended tool.


  • CVE-2022-2068: For detailed information on the vulnerability.
  • OpenSSL Advisory: OpenSSL Security Advisory 20220621 provides comprehensive details on affected versions and the vulnerability.


  1. Review and identify any instances of OpenSSL versions prior to 1.1.1p.
  2. Schedule and perform the necessary upgrades to OpenSSL version 1.1.1p or later.
  3. Replace any usage of the c_rehash script with the rehash tool.
  4. Monitor for any related security advisories or updates from OpenSSL.

Your prompt attention to this matter is essential to maintain the security and integrity of your systems.


Mitigation Instructions for Adobe ColdFusion CVE-2023-29300

Mitigation Instructions for Adobe ColdFusion CVE-2023-29300

SUBJECT: CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability - Detailed Mitigation Guide

Read More
Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

SUBJECT: Critical Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Read More
Mitigation Instructions for Cisco ASA and FTD CVE-2020-3259

Mitigation Instructions for Cisco ASA and FTD CVE-2020-3259

SUBJECT: Mitigate Cisco ASA and FTD Information Disclosure Vulnerability (CVE-2020-3259)

Read More