Command Injection Vulnerability in Okta Advanced Server Access Client for Windows
CVE-2022-24295

8.8HIGH

Key Information:

Vendor: Okta
Status: Okta Advanced Server Access Client
Vendor: CVE Published:; 21 February 2022

What is CVE-2022-24295?

The Okta Advanced Server Access Client for Windows versions prior to 1.57.0 is susceptible to a command injection vulnerability that can be exploited via a specially crafted URL. Successful exploitation could allow an attacker to execute arbitrary commands in the context of the affected application, potentially compromising the security of the system.

Affected Version(s)

Okta Advanced Server Access Client Prior to version 1.57.0

References

https://trust.okta.com/security-advisories/okta-advanced-...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2022
Vulnerability Reserved
Feb 1, 2022