Vulnerability Details : CVE-2022-1697
Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
Exploit prediction scoring system (EPSS) score for CVE-2022-1697
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-1697
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
3.9
|
LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L |
0.5
|
3.4
|
nvd@nist.gov |
CWE ids for CVE-2022-1697
-
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-1697
-
https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm
Update the Okta Active Directory agent | OktaVendor Advisory
-
https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697
Okta Active Directory Agent CVE-2022-1697 | Okta JSON APIVendor Advisory
-
https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ
Security Notice - CVE-2022-1697 - FAQMitigation;Vendor Advisory
Products affected by CVE-2022-1697
- cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:*