Show vulnerabilities with patch / with exploit

Security restrictions bypass in OpenSSL for Windows

Published: 2019-07-30
Severity Low
Patch available NO
Number of vulnerabilities 1
CVE ID CVE-2019-1552
Exploitation vector Local
Public exploit N/A
Vulnerable software
Server applications / Encryption software

Vendor OpenSSL Software Foundation

Security Advisory

This security advisory describes one low risk vulnerability.

1) Incorrect default permissions

Severity: Low

CVSSv3: 4.1 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-1552

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No


The vulnerability allows a local user to bypass security restrictions.

The vulnerability exists due to OpenSSL uses insecure by default directory with potentially insecure permissions for the OPENSSLDIR on Windows. A local user can modify OpenSSL's default configuration within the 'C:/usr/local' folder, insert CA certificates, modify (or even replace) existing engine modules and bypass security restrictions, based on OpenSSL security mechanisms. 


Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

As a mitigation, before official software release, it is recommended to use these commits:

- For 1.1.1, commit 54aa9d51b09d67e90db443f682cface795f5af9e
- For 1.1.0, commit e32bc855a81a2d48d215c506bdeb4f598045f7e9 and
- For 1.0.2, commit d333ebaf9c77332754a9d5e111e2f53e1de54fdd

Vulnerable software versions

OpenSSL: 1.0.2, 1.0.2a, 1.0.2b, 1.0.2c, 1.0.2d, 1.0.2e, 1.0.2f, 1.0.2g, 1.0.2h, 1.0.2i, 1.0.2j, 1.0.2k, 1.0.2l, 1.0.2m, 1.0.2n, 1.0.2o, 1.0.2p, 1.0.2q, 1.0.2r, 1.0.2s, 1.1.0, 1.1.0a, 1.1.0b, 1.1.0c, 1.1.0d, 1.1.0e, 1.1.0f, 1.1.0g, 1.1.0h, 1.1.0i, 1.1.0j, 1.1.0k, 1.1.1, 1.1.1a, 1.1.1b, 1.1.1c

CPE External links;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.