CVE-2022-0517

Summary

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.

Affected Software

VendorProductVersion RangeStatus
MozillaMozilla VPNunspecified < 2.7.1affected

Weaknesses

  • Local privilege escalation vis uncontrolled OpenSSL search path

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References