CVE-2022-4991
Description
Tychon on Windows is vulnerable to privilege escalation because an unprivileged user can control the OpenSSL configuration directory, allowing arbitrary code execution as SYSTEM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Tychon utilizes an OpenSSL component that defines the OPENSSLDIR variable pointing to a subdirectory on the Windows filesystem that is writable by unprivileged users. A privileged service within Tychon relies on this component, creating a scenario where the application's configuration environment is susceptible to unauthorized modification [1].
Exploitation
An unprivileged local attacker can exploit this vulnerability by placing a specially-crafted openssl.cnf file into the directory path identified by the OPENSSLDIR variable. When the Tychon privileged service initializes or interacts with the OpenSSL component, it will load the malicious configuration file, leading to the execution of arbitrary code [1].
Impact
Successful exploitation of this vulnerability allows an unprivileged user to execute arbitrary code with SYSTEM privileges on the affected Windows system. This results in a complete compromise of the host, granting the attacker full control over the operating system [1].
Mitigation
This vulnerability is addressed in Tychon version 1.7.857.82. Users are advised to update to this version or later to remediate the issue [1].
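The condition described under Vulnerability can be checked on a host with the following PowerShell audit. It is an added example, not Tychon's or the advisory's own code. The directory path is a placeholder because the page does not state it, and the function names and the list of low-privilege groups are choices made for this example. It goes slightly beyond the text by also auditing the nearest existing ancestor when the directory itself is missing, since a user who can create the directory controls its contents.

```powershell
param(
    # Placeholder (assumption): the page does not give the path; pass the OPENSSLDIR of the build under review.
    [string]$OpenSslDir = 'C:\PLACEHOLDER\openssldir'
)
# Well-known SIDs of broad, unprivileged groups (example selection).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4), GENERIC_WRITE, GENERIC_ALL.
$WriteMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-NearestExistingPath {
    param([string]$Path)
    # If the directory is missing, whoever can write to the closest existing
    # ancestor can create it, so that ancestor is what must be audited.
    while ($Path -and -not (Test-Path -LiteralPath $Path)) {
        $Path = Split-Path -Path $Path -Parent
    }
    return $Path
}

function Test-LowPrivWritable {
    param([string]$Path)
    $target = Get-NearestExistingPath -Path $Path
    if (-not $target) { throw "No existing ancestor found for $Path" }
    foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account cannot be resolved to a SID: skip it
        # Report Allow ACEs that grant any write-type right to a low-privilege group.
        if ($LowPrivSids.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{
                AuditedPath = $target
                Principal   = $LowPrivSids[$sid]
                Rights      = $ace.FileSystemRights
            }
        }
    }
}

$findings = @(Test-LowPrivWritable -Path $OpenSslDir)
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { "No low-privilege write ACEs on or above $OpenSslDir" }
```

The check reads Allow ACEs only and does not compute effective access, so an empty result should still be confirmed against Deny entries and group membership on hosts with customized ACLs.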
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 0
No linked articles in our index yet.