CVE-2022-29849

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on Progress OpenEdge systems by exploiting SUID binaries. Affected users are those running OpenEdge versions before 11.7.14 or 12.x before 12.2.9. The attacker must have local access to the system to exploit this vulnerability.

💻 Affected Systems

Products:
  • Progress OpenEdge
Versions: OpenEdge before 11.7.14 and 12.x before 12.2.9
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SUID binaries from OpenEdge installation. Requires local user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root privileges, allowing complete control over the affected system and potential lateral movement to other systems.

🟠 Likely Case

Local privilege escalation from a low-privileged user to root or administrative privileges, enabling unauthorized access to sensitive data and system resources.

🟢 If Mitigated

Limited impact with proper access controls, monitoring, and network segmentation in place, though the vulnerability still exists.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing access to the system.
🏢 Internal Only: HIGH - Internal users with local access could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and knowledge of vulnerable SUID binaries. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenEdge 11.7.14 or 12.2.9

Vendor Advisory: https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849

Restart Required: Yes

Instructions:

1. Download OpenEdge 11.7.14 or 12.2.9 from Progress website.
2. Backup current installation.
3. Stop all OpenEdge services.
4. Apply the update.
5. Restart services and verify functionality.

🔧 Temporary Workarounds

Remove SUID bits from vulnerable binaries

linux

Remove setuid permissions from affected OpenEdge binaries to prevent privilege escalation

chmod u-s /path/to/openedge/binary

Restrict access to OpenEdge binaries

linux

Limit which users can execute OpenEdge binaries

chmod 750 /path/to/openedge/directory
chown root:openedge /path/to/openedge/directory

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to OpenEdge systems
  • Monitor for privilege escalation attempts and unusual SUID binary execution

🔍 How to Verify

Check if Vulnerable:

Check OpenEdge version: openedge -v or examine installation directory version files

Check Version:

openedge -v 2>/dev/null || grep -i version /usr/dlc/version.txt

Verify Fix Applied:

Verify version is 11.7.14 or higher for 11.x, or 12.2.9 or higher for 12.x
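
The version check above and the SUID workaround can be combined into one audit pass. The script below is an added example, not vendor or page code; its function names and command-line interface are assumptions. It takes the version string as an argument and assumes plain numeric ordering of dotted versions.

```shell
#!/bin/sh
# Added example (not vendor code): audit an OpenEdge install for CVE-2022-29849.
# Function names and the command-line interface are assumptions of this example.

# ver_ge A B: succeed if dotted version A >= B, comparing three numeric fields.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# is_patched VERSION: succeed if VERSION is outside the affected range
# (before 11.7.14, or 12.x before 12.2.9).
is_patched() {
    case "$1" in
        12.*) ver_ge "$1" 12.2.9 ;;
        *)    ver_ge "$1" 11.7.14 ;;
    esac
}

# list_suid DIR: print regular files under DIR that carry the setuid bit.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# audit DIR VERSION: report patch status and each setuid file with its owner.
audit() {
    if is_patched "$2"; then
        echo "OpenEdge $2: fixed release"
    else
        echo "OpenEdge $2: in affected range, upgrade to 11.7.14 or 12.2.9"
    fi
    list_suid "$1" | while IFS= read -r f; do
        ls -ld -- "$f"      # mode, owner and path of each candidate for chmod u-s
    done
}

# Usage: sh audit.sh /usr/dlc 11.7.13   (does nothing when called without arguments)
if [ "$#" -ge 2 ]; then
    audit "$1" "$2"
fi
```

Files listed with owner root are the ones the chmod u-s workaround applies to; rerun the script after patching or after removing the bits to confirm the list is what you expect.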

📡 Detection & Monitoring

Log Indicators:

  • Unusual SUID binary execution
  • Privilege escalation attempts in system logs
  • Failed sudo/su attempts followed by successful OpenEdge binary execution

Network Indicators:

  • None - this is a local attack

SIEM Query:

source="system_logs" AND (event="SUID" OR event="setuid") AND process="openedge*"
