Lucene search

K
hiveproHiveForce LabHIVEPRO:E84F8B6C5ACC25E1292D697BE03628CC
HistoryNov 30, 2022 - 11:46 a.m.

Adversaries strike critical Windows IKE flaw in the “Bleed You” campaign

2022-11-3011:46:31
HiveForce Lab
www.hivepro.com
19

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An active "Bleed You" campaign is leveraging a critical RCE (CVE-2022-34721) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions to assist subsequent malware and ransomware assaults and lateral network movement. This attack targeted vulnerable Windows operating systems, servers, protocols, and services.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H