Cyber Resilience

CVE-2022-32223

High

Published: 14 July 2022

Published
14 July 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0811 92.3th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-32223 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Nodejs Node.Js. Its CVSS base score is 7.3 (High).

Operationally, ranked in the top 7.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Node.js is vulnerable to DLL hijacking on Windows when OpenSSL has been installed with the configuration file at C:\Program Files\Common Files\SSL\openssl.cnf present. Under these conditions, node.exe searches for providers.dll first in the current working directory and then follows the standard Windows DLL search order, enabling an attacker-supplied library to be loaded instead of the legitimate one. The issue is tracked as CWE-427 and carries a CVSS 3.1 score of 7.3.

An attacker with the ability to write a file to a location searched by node.exe can place a malicious providers.dll that will be executed when a privileged or targeted user subsequently runs Node.js. Successful exploitation grants the attacker arbitrary code execution with the privileges of the Node.js process, resulting in full control over confidentiality, integrity, and availability on the affected system. The attack requires local access and limited user interaction.

The EPSS score has remained low and essentially flat, with a current value of 0.0811 and a peak of only 0.0833, indicating no significant post-disclosure surge in exploitation interest. Node.js security releases published in July 2022 address the issue; practitioners should apply the updates referenced in the official advisories.

EU & UK References

Vulnerability details

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the…

more

above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

nodejs
node.js
14.0.0 — 14.14.0 · 14.14.0 — 14.20.0 · 16.0.0 — 16.12.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References