CVE-2022-4991

7.4 HIGH

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged ...

Published: 2026-06-01 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.4 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2022-4991
[Other]https://www.kb.cert.org/vuls/id/730007