search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Vulnerability Note VU#730007

Original Release Date: 2022-04-28 | Last Revised: 2022-04-28


Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files.


Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.


By placing a specially-crafted openssl.cnf in a location used by Tychon, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Tychon software installed.


Apply an update

This issue is addressed in Tychon 1.7.857.82


This document was written by Will Dormann.

Vendor Information


Tychon Affected

Notified:  2022-03-10 Updated: 2022-04-28

Statement Date:   April 27, 2022

CVE-2022-26872 Affected

Vendor Statement

CVE-2022-26872 has been resolved with an update to the OpenSSL library TYCHON uses. The TYCHON Endpoint version 1.7.857.82 contains the fix to this vulnerability.

Other Information

CVE IDs: CVE-2022-26872
Date Public: 2022-04-28
Date First Published: 2022-04-28
Date Last Updated: 2022-04-28 13:07 UTC
Document Revision: 1

Sponsored by CISA.