Unquoted Path Vulnerability in Okta Active Directory Agent
CVE-2022-1697

3.9 LOW

Key Information:

Vendor: Okta
CVE Published: 6 September 2022

What is CVE-2022-1697?

The Okta Active Directory Agent, specifically versions 3.8.0 through 3.11.0, suffers from an unquoted path vulnerability when installing the Okta AD Agent Update Service. This type of vulnerability can be exploited to execute arbitrary commands, which could compromise the security of the system. For remediation, users must uninstall any affected versions and reinstall version 3.12.0 or newer, as outlined in the official documentation. Keeping your software up to date is crucial in maintaining the integrity of your security infrastructure.
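A check for the condition described above, as an added example that is not Okta's code or part of the original advisory: it parses Windows service `ImagePath` values and flags those whose executable path contains spaces but is not wrapped in quotes. The service names and paths in `SAMPLE` are constructed for illustration and are not the agent's real install locations.

```python
import re

# End of the executable in an unquoted command line: the first ".exe"
# followed by whitespace or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, is_quoted) for a service ImagePath value."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], False
    return (s.split()[0] if s else ""), False

def is_unquoted_with_spaces(image_path):
    """True when the executable path contains whitespace and is not quoted."""
    exe, quoted = split_image_path(image_path)
    return not quoted and any(c.isspace() for c in exe)

def quoted_form(image_path):
    """Return the command line with the executable path wrapped in quotes."""
    exe, quoted = split_image_path(image_path)
    if quoted:
        return image_path
    return f'"{exe}"{image_path.strip()[len(exe):]}'

def audit(services):
    """Return the sorted names of services whose ImagePath needs quoting."""
    return sorted(n for n, p in services.items() if is_unquoted_with_spaces(p))

# Constructed sample data: names and paths are illustrative, not Okta's.
SAMPLE = {
    "ExampleUpdateSvc": r"C:\Program Files (x86)\Example Vendor\Update Service\updater.exe -run",
    "ExampleQuotedSvc": r'"C:\Program Files (x86)\Example Vendor\Agent\agent.exe" -run',
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(name, "->", quoted_form(SAMPLE[name]))
```

On a real host the input would be the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`; a flagged Okta AD Agent service indicates an affected install, for which the fix remains uninstalling and reinstalling version 3.12.0 or newer.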

Affected Version(s)

Okta Active Directory Agent 3.8.0, 3.9.0, 3.10.0, 3.11.0

CVSS V3.1

Score: 3.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
