August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
# **Microsoft Patch Tuesday Summary**
Microsoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited in attacks ([CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>), [CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)). Earlier this month, August 5, 2022, Microsoft also released 20 Microsoft Edge (Chromium-Based) updates addressing Elevation of Privilege (EoP), Remote Code Execution (RCE), and Security Feature Bypass with severities of Low, Moderate, and Important respectively.
Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.
## **The August 2022 Microsoft vulnerabilities are classified as follows:**

 [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)
# **Notable Microsoft Vulnerabilities Patched**
A vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
### [CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability
This vulnerability has a CVSSv3.1 score of 7.8/10.
In May, Microsoft released a [blog](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) giving guidance for a vulnerability in MSDT and released updates to address it shortly thereafter. Public discussion of a vulnerability can encourage further scrutiny on the component, both by Microsoft security personnel as well as their research partners. _This CVE is a variant of the vulnerability publicly known as Dogwalk._
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**
>  Qualys director of vulnerability and threat research, [Bharat Jogi](<https://blog.qualys.com/author/bharat_jogi>), said DogWalk had actually been reported back in 2019 but at the time was not thought to be dangerous as it required “significant user interaction to exploit,” and there were other mitigations in place.
>
> - _Excerpt from [Surge in CVEs as Microsoft Fixes Exploited Zero Day Bug](<https://www.infosecurity-magazine.com/news/surge-cves-microsoft-fixes/>)_
* * *
### [CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>) | Microsoft Exchange Information Disclosure Vulnerability
This vulnerability has a CVSSv3.1 score of 7.6/10.
This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. For more information, see [Exchange Server Support for Windows Extended Protection](<https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/>) and/or [The Exchange Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**
* * *
## **Security Feature Bypass Vulnerabilities Addressed**
These are **standalone security updates**. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.
These security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built-in pre-requisite logic to ensure the ordering.
Microsoft customers should ensure they have installed the latest Servicing Stack Update before installing these standalone security updates. See [ADV990001 | Latest Servicing Stack Updates](<https://msrc.microsoft.com/update-guide/security-guidance/advisory/ADV990001>) for more information.
An attacker who successfully exploited any of these three (3) vulnerabilities could bypass Secure Boot.
### CERT/CC: [CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>) Eurosoft Boot Loader Bypass
### CERT/CC: [CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>) New Horizon Data Systems Inc Boot Loader Bypass
### CERT/CC: [CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>) Crypto Pro Boot Loader Bypass
At the time of publication, a CVSSv3.1 score has not been assigned.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**
* * *
## **Microsoft Critical and Important Vulnerability Highlights**
This month’s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Exchange Server, Microsoft Office, System Center, and Windows.
A total of 86 unique Microsoft products/versions are affected, including .NET, Azure, Edge (Chromium-based), Excel, Exchange Server (Cumulative Update), Microsoft 365 Apps for Enterprise, Office, Open Management Infrastructure, Outlook, System Center Operations Manager (SCOM), Visual Studio, Windows Desktop, and Windows Server.
Downloads include IE Cumulative, Monthly Rollup, Security Only, and Security Updates.
* * *
### [CVE-2022-35766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35766>), [CVE-2022-35794](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35794>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution (RCE) Vulnerability
This vulnerability has a CVSSv3.1 score of 8.1/10.
Successful exploitation of this vulnerability requires an attacker to win a race condition.
An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**
* * *
### [CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>), [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability
This vulnerability has a CVSSv3.1 score of 9.8/10.
This vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable. **Warning**: Disabling Port 1723 could affect communications over your network.
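As an added example (not part of the Qualys post or Microsoft's advisory), the following PowerShell applies that temporary workaround as a named Windows Defender Firewall rule, checks that an inbound block for TCP/1723 is actually in force, and removes the rule again once the update has been installed. The rule name is an assumption chosen for this example; the commands need an elevated session, and, as the warning above says, the block affects PPTP-based VPN connections, whose control channel is TCP port 1723.

```powershell
# Added example, not code from the Qualys post or from Microsoft: a temporary inbound block
# for TCP/1723 (the PPTP control channel named in the PPP RCE advisory) plus a rollback.
# $RuleName is an assumed name used only so the rule can be found and removed later.

$RuleName = 'Workaround-CVE-2022-30133-Block-TCP-1723'

function Enable-Pptp1723Block {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Name = $RuleName)

    # Idempotent: re-enable an existing rule instead of creating a duplicate.
    $existing = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Verbose "Rule '$Name' already present; making sure it is enabled."
        $existing | Enable-NetFirewallRule
        return $existing
    }
    if ($PSCmdlet.ShouldProcess($Name, 'Create inbound Block rule for TCP/1723')) {
        New-NetFirewallRule -DisplayName $Name `
            -Description 'Temporary workaround; remove after the August 2022 update is installed.' `
            -Direction Inbound -Protocol TCP -LocalPort 1723 -Action Block -Profile Any -Enabled True
    }
}

function Test-Pptp1723Blocked {
    # $true when any enabled inbound Block rule covers TCP/1723, whatever its name,
    # so the check also honours a rule pushed by GPO rather than by this script.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '1723' -or $filter.LocalPort -eq 'Any')) {
            return $true
        }
    }
    return $false
}

function Disable-Pptp1723Block {
    param([string]$Name = $RuleName)
    # Rollback for after patching; only the rule this script created is removed.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

# Usage (elevated): preview with -WhatIf, then apply and verify.
Enable-Pptp1723Block -WhatIf
Enable-Pptp1723Block
"TCP/1723 inbound blocked: $(Test-Pptp1723Blocked)"
```

`Test-Pptp1723Blocked` is the part worth keeping after the rule is in place: it reads the effective rule set rather than trusting that the earlier command succeeded, which is what a compliance check of the workaround should do.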
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**
* * *
### [CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability
This vulnerability has a CVSSv3.1 score of 8.8/10.
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.
Please see [Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for more information and ways to protect your domain.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**
* * *
### [CVE-2022-33646](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33646>) | Azure Batch Node Agent Elevation of Privilege (EoP) Vulnerability
This vulnerability has a CVSSv3.1 score of 7.0/10.
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**
* * *
## **Microsoft Edge | Last But Not Least**
Earlier in August, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>), and [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).
### [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
This vulnerability has a CVSSv3.1 score of 9.6/10.
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
The user would have to click on a specially crafted URL to be compromised by the attacker.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**
* * *
### [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability
This vulnerability has a CVSSv3.1 score of 8.3/10. _[Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance._
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
Successful exploitation of this vulnerability requires an attacker to win a race condition.
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**
* * *
# **Adobe Security Bulletins and Advisories**
Adobe released five (5) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 25 vulnerabilities affecting Adobe Acrobat and Reader, Commerce, FrameMaker, Illustrator, and Premiere Elements applications. Of these 25 vulnerabilities, 15 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 7.8/10 to 9.1/10, as summarized below.

* * *
### [APSB22-38](<https://helpx.adobe.com/security/products/magento/apsb22-38.html>) | Security update available for Adobe Commerce
This update resolves seven (7) vulnerabilities:
* Four (4) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)
* Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**
* One (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**
_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>), [important](<https://helpx.adobe.com/security/severity-ratings.html>), and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, and security feature bypass.
* * *
### [APSB22-39](<https://helpx.adobe.com/security/products/acrobat/apsb22-39.html>) | Security update available for Adobe Acrobat and Reader
This update resolves seven (7) vulnerabilities:
* Three (3) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)
* Four (4) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**
_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2_
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
* * *
### [APSB22-41](<https://helpx.adobe.com/security/products/illustrator/apsb22-41.html>) | Security Updates Available for Adobe Illustrator
This update resolves four (4) vulnerabilities:
* Two (2) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)
* Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**
_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_
Adobe has released an update for Adobe Illustrator 2022. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.
* * *
### [APSB22-42](<https://helpx.adobe.com/security/products/framemaker/apsb22-42.html>) | Security update available for Adobe FrameMaker
This update resolves six (6) vulnerabilities:
* Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)
* One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**
_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_
Adobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
* * *
### [APSB22-43](<https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html>) | Security update available for Adobe Premiere Elements
This update resolves one (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability.
_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_
Adobe has released a security update for Adobe Premiere Elements. This update addresses one (1) [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution.
* * *
# **About Qualys Patch Tuesday**
Qualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.
## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories for August 1-9, 2022 _New Content_
* [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)
* [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)
* [Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)](<https://threatprotect.qualys.com/2022/08/04/cisco-patched-small-business-rv-series-routers-multiple-vulnerabilities-cve-2022-20827-cve-2022-20841-and-cve-2022-20842/>)
* [VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access](<https://threatprotect.qualys.com/2022/08/03/vmware-patched-multiple-vulnerabilities-in-vmware-products-including-identity-manager-vidm-and-workspace-one-access/>)
* [Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)](<https://threatprotect.qualys.com/2022/08/01/atlassian-confluence-server-and-confluence-data-center-questions-for-confluence-app-hardcoded-password-vulnerability-cve-2022-26138/>)
* * *
## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB).
You can see all your impacted hosts by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability:( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` )

 [A Deep Dive into VMDR 2.0 with Qualys TruRisk™](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>) _The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation._
* * *
## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go.
The following QQL will return the missing patches for this Patch Tuesday:
( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` )

 [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)
* * *
## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>) _New Content_
Qualys’ [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. _ [Source](<https://www.techtarget.com/whatis/definition/workaround>)_
The following Qualys [Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended workaround for this Patch Tuesday:
#### **[CVE-2022-35793](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35793>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**
This vulnerability has a CVSSv3.1 score of 7.3/10.
Policy Compliance Control IDs (CIDs):
* 1368: Status of the ‘Print Spooler’ service
* 21711: Status of the ‘Allow Print Spooler to accept client connections’ group policy setting
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely
* * *
#### **[CVE-2022-35804](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804>)** | **SMB Client and Server Remote Code Execution (RCE) Vulnerability**
This vulnerability has a CVSSv3.1 score of 8.8/10.
Policy Compliance Control IDs (CIDs):
* 24476: Status of the SMBv3 Client compressions setting
* 20233: Status of the SMBv3 Server compressions setting
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely
* * *
#### **[CVE-2022-35755](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**
This vulnerability has a CVSSv3.1 score of 7.3/10.
Policy Compliance Control IDs (CIDs):
* 1368: Status of the ‘Print Spooler’ service
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely
* * *
#### **[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>)**, **[CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>)** | **Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability**
This vulnerability has a CVSSv3.1 score of 9.8/10.
Policy Compliance Control IDs (CIDs):
* 11220: List of ‘Inbound Rules’ configured in Windows Firewall with Advanced Security via GPO
* 14028: List of ‘Outbound Rules’ configured in Windows Firewall with Advanced Security via GPO
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely
* * *
#### **[CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>): Windows Network File System Remote Code Execution (RCE) Vulnerability**
This vulnerability has a CVSSv3.1 score of 9.8/10.
Policy Compliance Control IDs (CIDs):
* 24139: Status of the Windows Network File System (NFSV4) service
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely
* * *
#### **[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>): Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability**
This vulnerability has a CVSSv3.1 score of 8.8/10.
Policy Compliance Control IDs (CIDs):
* 4079: Status of the ‘Active Directory Certificate Service’
[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely
* * *
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control:( id:`1368` OR id:`4079` OR id:`11220` OR id:`14028` OR id:`20233` OR id:`21711` OR id:`24139` OR id:`24476` )
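The checks behind those CIDs can be reproduced on a single host. The script below is an added example, not Qualys or Microsoft code: it reads the service states and registry values that Microsoft's workaround guidance for these CVEs (linked above) refers to and emits one finding per CID. The registry value names and cmdlets are the ones that guidance uses; the pass/fail verdict in the `Compliant` column is this example's own interpretation, and a role that is not installed is reported as absent rather than as a failure.

```powershell
# Added example, not from the Qualys post: a read-only posture check that mirrors the
# Policy Compliance CIDs listed above. Registry paths and cmdlets follow Microsoft's
# workaround guidance for these CVEs; the Compliant verdicts are this example's choice.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns the value, or $null when the key or value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function New-Finding($Cid, $Check, $Value, $Compliant) {
    [pscustomobject]@{ CID = $Cid; Check = $Check; Value = $Value; Compliant = $Compliant }
}

function Get-PatchTuesdayWorkaroundPosture {
    # CID 1368 (CVE-2022-35793, CVE-2022-35755): Print Spooler stopped and disabled.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    New-Finding 1368 'Print Spooler service (Status/StartType)' "$($spooler.Status)/$($spooler.StartType)" `
        ($spooler.Status -ne 'Running' -and $spooler.StartType -eq 'Disabled')

    # CID 21711: "Allow Print Spooler to accept client connections" GPO. The policy writes
    # RegisterSpoolerRemoteRpcEndPoint: 2 = Disabled, 1 = Enabled, absent = Not Configured.
    $rpc = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers' 'RegisterSpoolerRemoteRpcEndPoint'
    New-Finding 21711 'Allow Print Spooler to accept client connections' $rpc ($rpc -eq 2)

    # CID 20233 (CVE-2022-35804): SMBv3 server compression disabled (DisableCompression = 1).
    $srv = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'DisableCompression'
    New-Finding 20233 'SMBv3 server DisableCompression' $srv ($srv -eq 1)

    # CID 24476: SMBv3 client compression; only builds that expose the property can be checked.
    $cli = Get-SmbClientConfiguration -ErrorAction SilentlyContinue
    $cliComp = if ($cli -and $cli.PSObject.Properties['DisableCompression']) { $cli.DisableCompression } else { $null }
    New-Finding 24476 'SMBv3 client DisableCompression' $cliComp ($cliComp -eq $true)

    # CID 24139 (CVE-2022-34715): Server for NFS absent or stopped, or NFSv4 turned off
    # (Get-/Set-NfsServerConfiguration exist only where the NFS server role is installed).
    $nfs = Get-Service -Name NfsService -ErrorAction SilentlyContinue
    $nfsV4 = $null
    if ($nfs -and (Get-Command Get-NfsServerConfiguration -ErrorAction SilentlyContinue)) {
        $nfsV4 = (Get-NfsServerConfiguration).EnableNFSV4
    }
    $nfsState = if ($nfs) { "$($nfs.Status)/NFSv4=$nfsV4" } else { 'NotInstalled' }
    New-Finding 24139 'Server for NFS (NfsService)' $nfsState (-not $nfs -or $nfs.Status -ne 'Running' -or $nfsV4 -eq $false)

    # CID 4079 (CVE-2022-34691): AD CS presence is reported but not judged; on domain controllers
    # the KB5014754 value StrongCertificateBindingEnforcement = 2 means full enforcement.
    $certsvc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
    New-Finding 4079 'Active Directory Certificate Services (CertSvc)' $(if ($certsvc) { $certsvc.Status } else { 'NotInstalled' }) $null
    $kdc = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc' 'StrongCertificateBindingEnforcement'
    New-Finding 4079 'KDC StrongCertificateBindingEnforcement (KB5014754)' $kdc ($kdc -eq 2)

    # CID 11220/14028 (CVE-2022-30133, CVE-2022-35744): an enabled inbound Block rule for TCP/1723.
    $block = Get-NetFirewallPortFilter -Protocol TCP -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -eq '1723' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }
    New-Finding 11220 'Inbound firewall Block rules for TCP/1723' (@($block).Count) (@($block).Count -gt 0)
}

# Usage (elevated): rows with Compliant = False are workaround gaps still open on this host.
Get-PatchTuesdayWorkaroundPosture | Format-Table -AutoSize
```

Running it on a domain controller and on a file server gives different meaningful rows: the KDC enforcement value only matters on the former, and the NFS and SMB server rows only on hosts that serve those protocols, which is why the script reports absent roles instead of failing them.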

 [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)
 [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)
* * *
##### Patch Tuesday is Complete.
* * *
# Qualys Monthly Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
* * *
### **Join the webinar**
## **This Month in Vulnerabilities & Patches**
[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)
{"id": "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "vendorId": null, "type": "qualysblog", "bulletinFamily": "blog", "title": "August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks ([CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>)*****,[ CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)). Earlier this month, August 5, 2022, Microsoft also released 20 Microsoft Edge (Chromium-Based) updates addressing Elevation of Privilege (EoP), Remote Code Execution (RCE), and Security Feature Bypass with severities of Low, Moderate, and Important respectively.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.\n\n## **The August 2022 Microsoft vulnerabilities are classified as follows:**\n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n\n# **Notable Microsoft Vulnerabilities Patched**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### 
[](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nIn May, Microsoft released a [blog](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) giving guidance for a vulnerability in MSDT and released updates to address it shortly thereafter. Public discussion of a vulnerability can encourage further scrutiny on the component, both by Microsoft security personnel as well as their research partners. _This CVE is a variant of the vulnerability publicly known as Dogwalk._\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n>  Qualys director of vulnerability and threat research, [Bharat Jogi](<https://blog.qualys.com/author/bharat_jogi>), said DogWalk had actually been reported back in 2019 but at the time was not thought to be dangerous as it required \u201csignificant user interaction to exploit,\u201d and there were other mitigations in place.\n> \n> - _Excerpt from [Surge in CVEs as Microsoft Fixes Exploited Zero Day Bug](<https://www.infosecurity-magazine.com/news/surge-cves-microsoft-fixes/>)_\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>) | Microsoft Exchange Information Disclosure Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.6/10.\n\nThis vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. 
An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. For more information, see [Exchange Server Sup](<https://aka.ms/ExchangeEPDoc>)[port for Windows Extended Protection](<https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/>) and/or [The Exchange Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**\n\n* * *\n\n## **Security Feature Bypass Vulnerabilities Addressed**\n\nThese are **standalone security updates**. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.\n\nThese security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built-in pre-requisite logic to ensure the ordering.\n\nMicrosoft customers should ensure they have installed the latest Servicing Stack Update before installing these standalone security updates. 
See [ADV990001 | Latest Servicing Stack Updates](<https://msrc.microsoft.com/update-guide/security-guidance/advisory/ADV990001>) for more information.

An attacker who successfully exploited any of these three (3) vulnerabilities could bypass Secure Boot.

### CERT/CC: [CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>) Eurosoft Boot Loader Bypass

### CERT/CC: [CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>) New Horizon Data Systems Inc Boot Loader Bypass

### CERT/CC: [CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>) Crypto Pro Boot Loader Bypass

At the time of publication, a CVSSv3.1 score has not been assigned.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**

* * *

## **Microsoft Critical and Important Vulnerability Highlights**

This month’s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Exchange Server, Microsoft Office, System Center, and Windows.

A total of 86 unique Microsoft products/versions are affected, including .NET, Azure, Edge (Chromium-based), Excel, Exchange Server (Cumulative Update), Microsoft 365 Apps for Enterprise, Office, Open Management Infrastructure, Outlook, System Center Operations Manager (SCOM), Visual Studio, Windows Desktop, and Windows Server.

Downloads include IE Cumulative, Monthly Rollup, Security Only, and Security Updates.

* * *

### [CVE-2022-35766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35766>), [CVE-2022-35794](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35794>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution (RCE) Vulnerability

These vulnerabilities have a CVSSv3.1 score of 8.1/10.

Successful exploitation requires an attacker to win a race condition.

An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>), [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability

These vulnerabilities have a CVSSv3.1 score of 9.8/10.

This vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port, thus rendering the vulnerability unexploitable. **Warning**: Disabling Port 1723 could affect communications over your network.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability

This vulnerability has a CVSSv3.1 score of 8.8/10.
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.

Please see [Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for more information and ways to protect your domain.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-33646](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33646>) | Azure Batch Node Agent Elevation of Privilege (EoP) Vulnerability

This vulnerability has a CVSSv3.1 score of 7.0/10.

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**

* * *

## **Microsoft Edge | Last But Not Least**

Earlier in August, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>), and [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge.
It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).

### [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

This vulnerability has a CVSSv3.1 score of 9.6/10.

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The user would have to click on a specially crafted URL to be compromised by the attacker.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability

These vulnerabilities have a CVSSv3.1 score of 8.3/10. _[Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity.
The CVSS scoring system doesn't allow for this type of nuance._

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

Successful exploitation of this vulnerability requires an attacker to win a race condition.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

# **Adobe Security Bulletins and Advisories**

Adobe released five (5) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 25 vulnerabilities affecting the Adobe Acrobat and Reader, Commerce, FrameMaker, Illustrator, and Premiere Elements applications. Of these 25 vulnerabilities, 15 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, with CVSS scores ranging from 7.8/10 to 9.1/10, as summarized below.

* * *

### [APSB22-38](<https://helpx.adobe.com/security/products/magento/apsb22-38.html>) | Security update available for Adobe Commerce

This update resolves seven (7) vulnerabilities:

 * Four (4) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**
 * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**
 * One (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released a security update for Adobe Commerce and Magento Open Source.
This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>), [important](<https://helpx.adobe.com/security/severity-ratings.html>), and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, and security feature bypass.

* * *

### [APSB22-39](<https://helpx.adobe.com/security/products/acrobat/apsb22-39.html>) | Security update available for Adobe Acrobat and Reader

This update resolves seven (7) vulnerabilities:

 * Three (3) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**
 * Four (4) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2_

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.

* * *

### [APSB22-41](<https://helpx.adobe.com/security/products/illustrator/apsb22-41.html>) | Security Updates Available for Adobe Illustrator

This update resolves four (4) vulnerabilities:

 * Two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**
 * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released an update for Adobe Illustrator 2022.
This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.

* * *

### [APSB22-42](<https://helpx.adobe.com/security/products/framemaker/apsb22-42.html>) | Security update available for Adobe FrameMaker

This update resolves six (6) vulnerabilities:

 * Five (5) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**
 * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.

* * *

### [APSB22-43](<https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html>) | Security update available for Adobe Premiere Elements

This update resolves one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released a security update for Adobe Premiere Elements. This update addresses a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution.
* * *

# **About Qualys Patch Tuesday**

Qualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by noon on Wednesday.

## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories for August 1-9, 2022 _New Content_

 * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)
 * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)
 * [Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)](<https://threatprotect.qualys.com/2022/08/04/cisco-patched-small-business-rv-series-routers-multiple-vulnerabilities-cve-2022-20827-cve-2022-20841-and-cve-2022-20842/>)
 * [VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access](<https://threatprotect.qualys.com/2022/08/03/vmware-patched-multiple-vulnerabilities-in-vmware-products-including-identity-manager-vidm-and-workspace-one-access/>)
 * [Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)](<https://threatprotect.qualys.com/2022/08/01/atlassian-confluence-server-and-confluence-data-center-questions-for-confluence-app-hardcoded-password-vulnerability-cve-2022-26138/>)

* * *

## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB).

You can see all your hosts impacted by these vulnerabilities using the following QQL query:

    vulnerabilities.vulnerability:( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` )

[A Deep Dive into VMDR 2.0 with Qualys TruRisk™](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>) _The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation._

* * *

## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)

VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches.
You can simply select the respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go.

The following QQL will return the missing patches for this Patch Tuesday:

    ( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` )

[Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)

* * *

## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>) _New Content_

Qualys’ [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned.
_[Source](<https://www.techtarget.com/whatis/definition/workaround>)_

The following Qualys [Policy Compliance Control IDs (CIDs) and System Defined Controls (SDC)](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>) have been updated to support the Microsoft-recommended workarounds for this Patch Tuesday:

#### **[CVE-2022-35793](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35793>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**

This vulnerability has a CVSSv3.1 score of 7.3/10.

Policy Compliance Control IDs (CIDs):

 * 1368: Status of the ‘Print Spooler’ service
 * 21711: Status of the ‘Allow Print Spooler to accept client connections’ group policy setting

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely

* * *

#### **[CVE-2022-35804](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804>) | SMB Client and Server Remote Code Execution (RCE) Vulnerability**

This vulnerability has a CVSSv3.1 score of 8.8/10.

Policy Compliance Control IDs (CIDs):

 * 24476: Status of the SMBv3 Client compression setting
 * 20233: Status of the SMBv3 Server compression setting

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely

* * *

#### **[CVE-2022-35755](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**

This vulnerability has a CVSSv3.1 score of 7.3/10.

Policy Compliance Control IDs (CIDs):

 * 1368: Status of the ‘Print Spooler’ service

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely

* * *

#### **[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>), [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability**

These vulnerabilities have a CVSSv3.1 score of 9.8/10.

Policy Compliance Control IDs (CIDs):

 * 11220: List of ‘Inbound Rules’ configured in Windows Firewall with Advanced Security via GPO
 * 14028: List of ‘Outbound Rules’ configured in Windows Firewall with Advanced Security via GPO

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely

* * *

#### **[CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>) | Windows Network File System Remote Code Execution (RCE) Vulnerability**

This vulnerability has a CVSSv3.1 score of 9.8/10.

Policy Compliance Control IDs (CIDs):

 * 24139: Status of the Windows Network File System (NFSV4) service

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely

* * *

#### **[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability**

This vulnerability has a CVSSv3.1 score of 8.8/10.

Policy Compliance Control IDs (CIDs):

 * 4079: Status of the ‘Active Directory Certificate Service’

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely

* * *

The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:

    control:( id:`1368` OR id:`4079` OR id:`11220` OR id:`14028` OR id:`20233` OR id:`21711` OR id:`24139` OR id:`24476` )

[Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)

[Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)

* * *

##### Patch Tuesday is Complete.

* * *

# Qualys Monthly Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
* * *

### **Join the webinar**

## **This Month in Vulnerabilities & Patches**

[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)

* * *

_Published 2022-08-09 by Debra M. Fezza Reed._
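The Policy Compliance section above lists the CIDs Qualys uses to assess the Microsoft-recommended workarounds (Print Spooler service and its client-connections policy, SMBv3 compression, Server for NFS, AD CS, and firewall rules for TCP/1723), and the PPP section gives blocking port 1723 as the temporary workaround. The following PowerShell script is an added example, not code from the Qualys post or from any Qualys product: a read-only posture check that reports the same settings on a single Windows host, plus an opt-in function that applies the port 1723 block rule. The registry paths, service names and value semantics it relies on (`RegisterSpoolerRemoteRpcEndPoint` = 2 meaning client connections disabled, `DisableCompression` = 1, and the `Kdc\StrongCertificateBindingEnforcement` value from the linked KB5014754, 2 meaning full enforcement) are standard Windows locations assumed here rather than taken from the page; verify them against the linked Microsoft documentation before relying on the output.

```powershell
# Added example: read-only posture check for the Microsoft workarounds tracked by
# the Policy Compliance CIDs in the post. Not Qualys code. Registry paths, service
# names and value semantics below are assumed standard Windows locations.
# Reading works as a normal user; -Apply on Add-Port1723BlockRule needs admin rights.

function Get-ServiceState {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return "$($svc.Status)/$($svc.StartType)"      # e.g. Running/Automatic
}

function Get-RegistryDword {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }            # value absent = Windows default behaviour
    return [int]$item.$Name
}

function Test-Port1723BlockRule {
    # True when an enabled Block rule in the given direction covers TCP/1723.
    # Port ranges such as "1700-1800" are not expanded; treat $false as "check manually".
    param([ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound')
    $rules = Get-NetFirewallRule -Direction $Direction -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and (@($filter.LocalPort) -contains '1723')) { return $true }
    }
    return $false
}

function New-PostureRow {
    param([int]$Cid, [string]$Check, $Value, $WorkaroundInPlace)
    [PSCustomObject]@{ CID = $Cid; Check = $Check; Value = $Value; WorkaroundInPlace = $WorkaroundInPlace }
}

function Get-WorkaroundPosture {
    # CID 1368 / 21711: Print Spooler (CVE-2022-35793, CVE-2022-35755).
    $spooler = Get-ServiceState 'Spooler'
    # Assumption: the "Allow Print Spooler to accept client connections" policy is stored as
    # RegisterSpoolerRemoteRpcEndPoint; 2 = disabled (remote clients refused), 1 = enabled.
    $rpcEndpoint = Get-RegistryDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers' 'RegisterSpoolerRemoteRpcEndPoint'
    # CID 20233 / 24476: SMBv3 compression (CVE-2022-35804); DisableCompression = 1 turns it off.
    $smbSrv = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'DisableCompression'
    $smbCli = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' 'DisableCompression'
    # CID 24139: Server for NFS (CVE-2022-34715); absent or stopped means no NFS attack surface.
    $nfs = Get-ServiceState 'NfsService'
    # CID 4079: AD CS (CVE-2022-34691). The linked KB5014754 hardening lives on domain
    # controllers: Kdc\StrongCertificateBindingEnforcement, 2 = full enforcement (assumed semantics).
    $adcs = Get-ServiceState 'CertSvc'
    $kdcEnforce = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc' 'StrongCertificateBindingEnforcement'
    # CID 11220 / 14028: firewall rules for TCP/1723 (CVE-2022-30133, CVE-2022-35744).
    $inBlock = Test-Port1723BlockRule -Direction Inbound
    $outBlock = Test-Port1723BlockRule -Direction Outbound

    @(
        New-PostureRow 1368  'Print Spooler service'                    $spooler     ($spooler -notlike 'Running*')
        New-PostureRow 21711 'Spooler RegisterSpoolerRemoteRpcEndPoint' $rpcEndpoint ($rpcEndpoint -eq 2)
        New-PostureRow 20233 'SMBv3 server DisableCompression'          $smbSrv      ($smbSrv -eq 1)
        New-PostureRow 24476 'SMBv3 client DisableCompression'          $smbCli      ($smbCli -eq 1)
        New-PostureRow 24139 'Server for NFS service'                   $nfs         ($nfs -notlike 'Running*')
        New-PostureRow 4079  'AD CS service (CertSvc)'                  $adcs        $null
        New-PostureRow 4079  'Kdc StrongCertificateBindingEnforcement'  $kdcEnforce  ($kdcEnforce -eq 2)
        New-PostureRow 11220 'Inbound block rule for TCP/1723'          $inBlock     $inBlock
        New-PostureRow 14028 'Outbound block rule for TCP/1723'         $outBlock    $outBlock
    )
}

function Add-Port1723BlockRule {
    # The post's temporary PPP workaround: block TCP/1723 until the update is installed.
    # Report-only unless -Apply is given; remove the rule after patching, since it can
    # break PPTP-based connections (the post's own warning about port 1723).
    param([switch]$Apply)
    if (Test-Port1723BlockRule -Direction Inbound) { return 'already-present' }
    if (-not $Apply) { return 'would-create' }
    New-NetFirewallRule -DisplayName 'Temporary block TCP/1723 (PPP RCE workaround)' `
        -Direction Inbound -Protocol TCP -LocalPort 1723 -Action Block -Profile Any | Out-Null
    return 'created'
}

Get-WorkaroundPosture | Format-Table -AutoSize
Add-Port1723BlockRule              # prints would-create / already-present; add -Apply to enforce
```

`WorkaroundInPlace` is `$null` for the AD CS service row on purpose: the CID only reports the service's status, and stopping AD CS is not a workaround the page or KB5014754 suggests, so the row is informational and the KDC enforcement value carries the assessment. The script evaluates local state only; for GPO-delivered firewall rules (the scope of CIDs 11220 and 14028) the effective rules still appear in `Get-NetFirewallRule` on the host, but rules defined in a GPO that has not yet applied will not.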
"THN:CD69EF060C75E2FF4DB33C7C492E75B1", "THN:D9A5562FBD56B3B0FF85376C9BCF0A10", "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "THN:DFB68B1B6C2EFBB410EB54D83320B71C", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:F050B7CE35D52E330ED83AACF83D6B29"]}, {"type": "threatpost", "idList": ["THREATPOST:24243FD4F7B9BDBDAC283E15D460128F", "THREATPOST:4365205CB12A4437E20A1077682B9CF8", "THREATPOST:44942C746E9FFDC2F783FA19F0AFD348", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:781705ADC10B0D40FC4B8D835FA5EA6D", "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC"]}, {"type": "ubuntu", "idList": ["USN-5568-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2294"]}, {"type": "veracode", "idList": ["VERACODE:36373"]}, {"type": "vmware", "idList": ["VMSA-2022-0022"]}, {"type": "zdi", "idList": ["ZDI-22-1047", "ZDI-22-1185"]}, {"type": "zdt", "idList": ["1337DAY-ID-37779"]}]}, "epss": [{"cve": "CVE-2022-20827", "epss": "0.001860000", "percentile": "0.541560000", "modified": "2023-03-19"}, {"cve": "CVE-2022-20841", "epss": "0.000840000", "percentile": "0.340300000", "modified": "2023-03-19"}, {"cve": "CVE-2022-20842", "epss": "0.001110000", "percentile": "0.427170000", "modified": "2023-03-19"}, {"cve": "CVE-2022-22047", "epss": "0.000560000", "percentile": "0.214740000", "modified": "2023-03-19"}, {"cve": "CVE-2022-2294", "epss": "0.004260000", "percentile": "0.703480000", "modified": "2023-03-19"}, {"cve": "CVE-2022-26138", "epss": "0.973890000", "percentile": "0.998230000", "modified": "2023-03-19"}, {"cve": "CVE-2022-30133", "epss": "0.018160000", "percentile": "0.863100000", "modified": "2023-03-19"}, {"cve": "CVE-2022-30134", "epss": "0.000740000", "percentile": "0.300280000", "modified": "2023-03-19"}, {"cve": "CVE-2022-30190", "epss": "0.974350000", "percentile": "0.998820000", "modified": "2023-03-19"}, {"cve": "CVE-2022-31672", "epss": "0.000460000", "percentile": "0.128270000", "modified": "2023-03-19"}, {"cve": 
"CVE-2022-31673", "epss": "0.000960000", "percentile": "0.387520000", "modified": "2023-03-19"}, {"cve": "CVE-2022-31674", "epss": "0.000430000", "percentile": "0.077930000", "modified": "2023-03-19"}, {"cve": "CVE-2022-31675", "epss": "0.000460000", "percentile": "0.140480000", "modified": "2023-03-19"}, {"cve": "CVE-2022-33636", "epss": "0.003460000", "percentile": "0.671490000", "modified": "2023-03-19"}, {"cve": "CVE-2022-33646", "epss": "0.000480000", "percentile": "0.144810000", "modified": "2023-03-19"}, {"cve": "CVE-2022-33649", "epss": "0.000850000", "percentile": "0.345350000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34301", "epss": "0.000570000", "percentile": "0.217590000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34302", "epss": "0.000570000", "percentile": "0.217590000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34303", "epss": "0.000570000", "percentile": "0.217590000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34691", "epss": "0.000570000", "percentile": "0.215410000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34713", "epss": "0.869310000", "percentile": "0.980020000", "modified": "2023-03-19"}, {"cve": "CVE-2022-34715", "epss": "0.938520000", "percentile": "0.985940000", "modified": "2023-03-19"}, {"cve": "CVE-2022-35766", "epss": "0.004170000", "percentile": "0.701000000", "modified": "2023-03-19"}, {"cve": "CVE-2022-35793", "epss": "0.000530000", "percentile": "0.188550000", "modified": "2023-03-19"}, {"cve": "CVE-2022-35794", "epss": "0.042060000", "percentile": "0.908960000", "modified": "2023-03-19"}, {"cve": "CVE-2022-35796", "epss": "0.001120000", "percentile": "0.429270000", "modified": "2023-03-19"}, {"cve": "CVE-2022-35804", "epss": "0.063850000", "percentile": "0.925300000", "modified": "2023-03-19"}], "vulnersScore": 0.2}, "_state": {"score": 1698846685, "dependencies": 1663114040, "epss": 1679302437}, "_internal": {"score_hash": "6428d5efa616f2cab1327c003fb1e6ef"}}
{"vmware": [{"lastseen": "2023-12-03T16:01:18", "description": "3a. Privilege Escalation Vulnerability (CVE-2022-31672) \n\nVMware vRealize Operations contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. \n\n3b. Information Disclosure Vulnerability (CVE-2022-31673) \n\nVMware vRealize Operations contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5. \n\n3c. Information Disclosure Vulnerability (CVE-2022-31674) \n\nVMware vRealize Operations contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5. \n\n3d. Authentication Bypass Vulnerability (CVE-2022-31675) \n\nVMware vRealize Operations contains an authentication bypass vulnerability. 
VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "vmware", "title": "VMware vRealize Operations contains multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675"], "modified": "2022-08-09T00:00:00", "id": "VMSA-2022-0022", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0022.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-09-24T16:04:03", "description": "The version of VMware vRealize Operations (vROps) running on the remote host is 8.x prior to 8.6.4. It is, therefore, affected by a multiple vulnerabilities:\n\n - A malicious actor with administrative network access can escalate privileges to root. (CVE-2022-31672)\n\n - A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. 
Successful exploitation can lead to a remote code execution. (CVE-2022-31673)\n\n - A low-privileged malicious actor with network access can access log files that lead to information disclosure. (CVE-2022-31674)\n\n - An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. (CVE-2022-31675)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "VMware vRealize Operations 8.x < 8.6.4 Multiple Vulnerabilities (VMSA-2022-0022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:/a:vmware:vrealize_operations"], "id": "VMWARE_VREALIZE_OPERATIONS_VMSA-2022-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/164148", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164148);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\n \"CVE-2022-31672\",\n \"CVE-2022-31673\",\n \"CVE-2022-31674\",\n \"CVE-2022-31675\"\n );\n script_xref(name:\"VMSA\", value:\"2022-0022\");\n script_xref(name:\"IAVA\", value:\"2022-A-0326\");\n\n script_name(english:\"VMware vRealize Operations 8.x < 8.6.4 Multiple Vulnerabilities (VMSA-2022-0022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"VMware vRealize Operations running on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vRealize Operations (vROps) running on the remote host is 8.x prior to 8.6.4. It is, therefore,\naffected by a multiple vulnerabilities:\n\n - A malicious actor with administrative network access can escalate privileges to root. 
(CVE-2022-31672)\n\n - A low-privileged malicious actor with network access can create and leak hex dumps, leading to information\n disclosure. Successful exploitation can lead to a remote code execution. (CVE-2022-31673)\n\n - A low-privileged malicious actor with network access can access log files that lead to information\n disclosure. (CVE-2022-31674)\n\n - An unauthenticated malicious actor with network access may be able to create a user with administrative\n privileges. (CVE-2022-31675)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2021-0018.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vRealize Operations Manager version 8.6.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31673\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vrealize_operations\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vrealize_operations_manager_webui_detect.nbin\");\n script_require_keys(\"installed_sw/vRealize Operations Manager\");\n script_require_ports(\"Services/www\", 443);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar app = 'vRealize Operations Manager';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nvar port = get_http_port(default:443);\n\nvar app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nvar constraints = [\n {'min_version':'8.0.0', 'fixed_version':'8.6.4'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-16T13:17:49", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. 
In order to load and execute arbitrary code in the pre- boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-12T00:00:00", "type": "nessus", "title": "RHEL 9 : fwupd (RHSA-2023:2487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:fwupd-plugin-flashrom", "cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:fwupd-devel", "cpe:/o:redhat:rhel_eus:9.2"], "id": "REDHAT-RHSA-2023-2487.NASL", "href": "https://www.tenable.com/plugins/nessus/175438", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:2487. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175438);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2022-3287\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\"\n );\n script_xref(name:\"RHSA\", value:\"2023:2487\");\n\n script_name(english:\"RHEL 9 : fwupd (RHSA-2023:2487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to\n /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same\n configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this\n bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code\n in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use\n with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader\n to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-\n boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this\n bootloader. 
Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass\n or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage,\n an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:2487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd, fwupd-devel and / or fwupd-plugin-flashrom packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3287\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n 
script_cwe_id(256, 494, 552);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd-plugin-flashrom\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 
'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 
'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 
'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.8.10-2.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'x86_64', 'release':'9', 
'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 
'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.8.10-2.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'aarch64', 
'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-devel / fwupd-plugin-flashrom');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:30:46", "description": "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability.\nA vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers
could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.\n\nPlease see the included Cisco BID and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-05T00:00:00", "type": "nessus", "title": "Cisco Small Business RV Series Routers DoS RCE (cisco-sa-sb-mult-vuln-CbVp4SUR))", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-20842"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/o:cisco:small_business_rv_series_router_firmware"], "id": "CISCO-SA-SB-MULT-VULN-CBVP4SUR_CVE-2022-20842.NASL", "href": "https://www.tenable.com/plugins/nessus/163884", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163884);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-20842\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCwc00210\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-sb-mult-vuln-CbVp4SUR\");\n script_xref(name:\"IAVA\", value:\"2022-A-0308\");\n\n script_name(english:\"Cisco Small Business RV Series Routers DoS RCE (cisco-sa-sb-mult-vuln-CbVp4SUR))\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability.\nA vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN \nRouters could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to \nrestart unexpectedly, resulting in a denial of 
service (DoS) condition.\n\nPlease see the included Cisco BID and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93fea3b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc00210\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20842\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:small_business_rv_series_router_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_small_business_detect.nasl\", \"cisco_rv_webui_detect.nbin\");\n script_require_keys(\"Cisco/Small_Business_Router/Version\", \"Cisco/Small_Business_Router/Model\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');\n\n# CVE-2022-20842 affects the following Cisco products:\n# RV340 Dual WAN Gigabit VPN Routers\n# RV340W Dual WAN Gigabit Wireless-AC VPN Routers\n# RV345 Dual WAN Gigabit VPN Routers\n# RV345P Dual WAN Gigabit POE VPN Routers\n\nif (product_info['model'] !~ \"^RV(34[05]+[WP]*)\")\n audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business RV Series router'); \n\nvar vuln_ranges = [ { 'min_ver' : '1.0.03.26', 'fix_ver' : '1.0.03.27'} ];\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCwc00210',\n 'fix' , '1.0.03.28',\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:16", "description": "The version of Atlassian Confluence installed on the remote host is prior to < 7.4.17 / 7.13.x < 7.13.6 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2. It is potentially affected by a hard-coded credential vulnerability if the 'Questions for Confluence' app is installed.\n\nThe Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. 
This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.(CVE-2022-26138)\n\nNote that Nessus has not tested for this issue but has instead relied only on Confluence's self-reported version number. This plugin will only run in 'Parnoid' scans.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26138"], "modified": "2022-12-08T00:00:00", "cpe": ["cpe:/a:atlassian:confluence"], "id": "CONFLUENCE_CONFSERVER-79483.NASL", "href": "https://www.tenable.com/plugins/nessus/163327", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163327);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\"CVE-2022-26138\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/19\");\n\n script_name(english:\"Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Atlassian Confluence host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Atlassian Confluence installed on the remote host is prior to < 7.4.17 / 7.13.x < 7.13.6 / 7.14.x <\n7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2. It is potentially affected by a hard-coded credential\nvulnerability if the 'Questions for Confluence' app is installed.\n\nThe Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in\nthe confluence-users group with the username disabledsystemuser and a hardcoded password. 
A remote, unauthenticated\nattacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content\naccessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35,\nand 3.0.2 of the app.(CVE-2022-26138)\n\nNote that Nessus has not tested for this issue but has instead relied only on Confluence's self-reported version\nnumber. This plugin will only run in 'Parnoid' scans.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.atlassian.com/browse/CONFSERVER-79483\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atlassian Confluence version 7.4.17, 7.13.6, 7.14.3, 7.15.2, 7.16.4, 7.17.2, 7.13.6, 7.14.3, 7.15.2, 7.16.4,\n7.17.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26138\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:confluence\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"confluence_detect.nasl\");\n script_require_keys(\"installed_sw/confluence\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 8080, 8090);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80);\nvar app_info = vcf::get_app_info(app:'confluence', port:port, webapp:true);\n\n# The vuln is in the Questions for Confluence app, not Confluence itself\n# We cannot determin if this is installed and/or the offending user account is present\nif (report_paranoia < 2) audit(AUDIT_POTENTIAL_VULN, 'Confluence', app_info.version);\n\nvar constraints = [\n { 'fixed_version' : '7.4.17', 'fixed_display' : '7.4.17 / 7.13.6 / 7.14.3 / 7.15.2 / 7.16.4 / 7.17.2' },\n { 'min_version' : '7.13.0', 'fixed_version' : '7.13.6' },\n { 'min_version' : '7.14.0', 'fixed_version' : '7.14.3' },\n { 'min_version' : '7.15.0', 'fixed_version' : '7.15.2' },\n { 'min_version' : '7.16.0', 'fixed_version' : '7.16.4' },\n { 'min_version' : '7.17.0', 'fixed_version' : '7.17.2' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:27", "description": "The remote confluence web application uses a known set of hard-coded default credentials of the 'Questions for Confluence' marketplace application. 
An attacker can exploit this to gain administrative access to the remote host.", "cvss3": {}, "published": "2022-08-12T00:00:00", "type": "nessus", "title": "Questions for Confluence App Default Credentials (CVE-2022-26138)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26138"], "modified": "2022-12-07T00:00:00", "cpe": ["cpe:/a:atlassian:confluence"], "id": "CONFLUENCE_CVE-2022-26138.NASL", "href": "https://www.tenable.com/plugins/nessus/164091", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164091);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2022-26138\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/19\");\n\n script_name(english:\"Questions for Confluence App Default Credentials (CVE-2022-26138)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The application hosted on the remote web server uses a default set of known credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote confluence web application uses a known set of hard-coded default credentials of the\n'Questions for Confluence' marketplace application. 
An attacker can exploit this to gain \nadministrative access to the remote host.\");\n # https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56edf34e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the application's default credentials.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26138\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:confluence\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"confluence_detect.nasl\");\n script_require_keys(\"installed_sw/confluence\");\n script_require_ports(\"Services/www\", 8080, 8090);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('url_func.inc');\ninclude('vcf.inc');\ninclude('debug.inc');\n\nvar app_name = 'confluence';\nvar port = get_http_port(default:80);\nvar app_info = vcf::get_app_info(app:app_name, port:port, webapp:true);\nvar url = build_url(port:port, qs:app_info['path']);\n\n##\n# Try to authenticate with default disabledsystemuser/disabled1system1user6708 creds\n#\n# @param port - the port the application exists on\n# @return TRUE for successful authentication, otherwise FALSE\n##\nfunction try_default_creds(port)\n{\n dbg::detailed_log(lvl:1, src:FUNCTION_NAME, msg:'[trying default creds]');\n var res, post;\n post = 'os_username=disabledsystemuser&os_password=disabled1system1user6708&login=Log+in&os_destination=%2Findex.action';\n # Authenticate\n res = http_send_recv3(\n port : port,\n method : 'POST',\n item : '/dologin.action',\n data : post,\n content_type : \"application/x-www-form-urlencoded\",\n exit_on_fail : TRUE\n );\n\n dbg::detailed_log(lvl:1, src:FUNCTION_NAME, msg:'Attempted to login with: ' + http_last_sent_request());\n dbg::detailed_log(lvl:1, src:FUNCTION_NAME, msg:'Response was: ' + obj_rep(res));\n if ('HTTP/1.1 302' >< res[0] && 'X-Seraph-LoginReason: OK' >< res[1])\n {\n dbg::detailed_log(lvl:1, src:FUNCTION_NAME, msg:'[login confirmed][ ' + res[0] + '][' + res[1] + ']');\n return TRUE;\n }\n dbg::detailed_log(lvl:1, src:FUNCTION_NAME, msg:'[login failed][ ' + res[0] + '][' + res[1] + ']');\n return FALSE;\n}\n\nvar can_auth = try_default_creds(port:port);\n\nvar report = NULL;\nif (can_auth)\n{\n report = 'Nessus was able to gain access to the remote confluence app\\n' +\n 'using the following set of credentials:\\n' +\n '\\n Username : disabledsystemuser' +\n '\\n Password : disabled1system1user6708';\n\n 
security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, url);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:03:18", "description": "The remote Windows host is missing security update 5016629. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "KB5016629: Windows 11 Security Update (August 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30133", "CVE-2022-30144", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35797", "CVE-2022-35804", "CVE-2022-35820"], "modified": "2023-10-25T00:00:00", "cpe": 
["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_AUG_5016629.NASL", "href": "https://www.tenable.com/plugins/nessus/163945", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163945);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-30133\",\n \"CVE-2022-30144\",\n \"CVE-2022-30194\",\n \"CVE-2022-30197\",\n \"CVE-2022-33670\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\",\n \"CVE-2022-34689\",\n \"CVE-2022-34690\",\n \"CVE-2022-34691\",\n \"CVE-2022-34696\",\n \"CVE-2022-34699\",\n \"CVE-2022-34701\",\n \"CVE-2022-34702\",\n \"CVE-2022-34703\",\n \"CVE-2022-34704\",\n \"CVE-2022-34705\",\n \"CVE-2022-34706\",\n \"CVE-2022-34707\",\n \"CVE-2022-34708\",\n \"CVE-2022-34709\",\n \"CVE-2022-34710\",\n \"CVE-2022-34712\",\n \"CVE-2022-34713\",\n \"CVE-2022-34714\",\n \"CVE-2022-35743\",\n \"CVE-2022-35744\",\n \"CVE-2022-35745\",\n \"CVE-2022-35746\",\n \"CVE-2022-35747\",\n \"CVE-2022-35749\",\n \"CVE-2022-35750\",\n \"CVE-2022-35751\",\n \"CVE-2022-35752\",\n \"CVE-2022-35753\",\n \"CVE-2022-35754\",\n \"CVE-2022-35755\",\n \"CVE-2022-35756\",\n \"CVE-2022-35757\",\n \"CVE-2022-35758\",\n \"CVE-2022-35759\",\n \"CVE-2022-35760\",\n \"CVE-2022-35761\",\n \"CVE-2022-35766\",\n \"CVE-2022-35767\",\n \"CVE-2022-35768\",\n \"CVE-2022-35769\",\n \"CVE-2022-35771\",\n \"CVE-2022-35793\",\n \"CVE-2022-35794\",\n \"CVE-2022-35795\",\n \"CVE-2022-35797\",\n \"CVE-2022-35804\",\n \"CVE-2022-35820\"\n );\n script_xref(name:\"MSKB\", value:\"5016629\");\n script_xref(name:\"MSFT\", value:\"MS22-5016629\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/30\");\n script_xref(name:\"IAVA\", value:\"2022-A-0320-S\");\n 
script_xref(name:\"IAVA\", value:\"2022-A-0319-S\");\n\n script_name(english:\"KB5016629: Windows 11 Security Update (August 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5016629. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5016629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5016629\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5016629\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35804\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-35744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-08';\nkbs = make_list(\n '5016629'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:22000,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016629])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-10-27T15:03:38", "description": "The remote Windows host is missing security update 5016627. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows WebBrowser Control Remote Code Execution Vulnerability (CVE-2022-30194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "KB5016627: Windows Server 2022 Security Update (August 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30133", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-34715", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35820"], "modified": "2023-10-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_AUG_5016627.NASL", "href": 
"https://www.tenable.com/plugins/nessus/163953", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163953);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-30133\",\n \"CVE-2022-30194\",\n \"CVE-2022-30197\",\n \"CVE-2022-33670\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\",\n \"CVE-2022-34689\",\n \"CVE-2022-34690\",\n \"CVE-2022-34691\",\n \"CVE-2022-34696\",\n \"CVE-2022-34699\",\n \"CVE-2022-34701\",\n \"CVE-2022-34702\",\n \"CVE-2022-34703\",\n \"CVE-2022-34704\",\n \"CVE-2022-34705\",\n \"CVE-2022-34706\",\n \"CVE-2022-34707\",\n \"CVE-2022-34708\",\n \"CVE-2022-34709\",\n \"CVE-2022-34710\",\n \"CVE-2022-34712\",\n \"CVE-2022-34713\",\n \"CVE-2022-34714\",\n \"CVE-2022-34715\",\n \"CVE-2022-35743\",\n \"CVE-2022-35744\",\n \"CVE-2022-35745\",\n \"CVE-2022-35746\",\n \"CVE-2022-35747\",\n \"CVE-2022-35748\",\n \"CVE-2022-35749\",\n \"CVE-2022-35750\",\n \"CVE-2022-35751\",\n \"CVE-2022-35752\",\n \"CVE-2022-35753\",\n \"CVE-2022-35755\",\n \"CVE-2022-35756\",\n \"CVE-2022-35757\",\n \"CVE-2022-35758\",\n \"CVE-2022-35759\",\n \"CVE-2022-35760\",\n \"CVE-2022-35761\",\n \"CVE-2022-35762\",\n \"CVE-2022-35763\",\n \"CVE-2022-35764\",\n \"CVE-2022-35765\",\n \"CVE-2022-35766\",\n \"CVE-2022-35767\",\n \"CVE-2022-35768\",\n \"CVE-2022-35769\",\n \"CVE-2022-35771\",\n \"CVE-2022-35792\",\n \"CVE-2022-35793\",\n \"CVE-2022-35794\",\n \"CVE-2022-35795\",\n \"CVE-2022-35820\"\n );\n script_xref(name:\"MSKB\", value:\"5016627\");\n script_xref(name:\"MSFT\", value:\"MS22-5016627\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/30\");\n script_xref(name:\"IAVA\", value:\"2022-A-0320-S\");\n 
script_xref(name:\"IAVA\", value:\"2022-A-0319-S\");\n\n script_name(english:\"KB5016627: Windows Server 2022 Security Update (August 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5016627. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows WebBrowser Control Remote Code Execution Vulnerability (CVE-2022-30194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5016627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5016627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5016627\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-08';\nkbs = make_list(\n '5016627'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:20348,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016627])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:19", "description": "The remote host has the 
HKEY_CLASSES_ROOT\\ms-msdt registry key. This is a known exposure for CVE-2022-30190.\n\nNote that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.", "cvss3": {}, "published": "2022-05-31T00:00:00", "type": "nessus", "title": "The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30190"], "modified": "2022-07-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "x-cpe:/a:microsoft:msdt"], "id": "MSDT_RCE_CVE_2022-30190_REG_CHECK.NASL", "href": "https://www.tenable.com/plugins/nessus/161691", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161691);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/28\");\n\n script_name(english:\"The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Checks for the HKEY_CLASSES_ROOT\\ms-msdt registry key.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has the HKEY_CLASSES_ROOT\\ms-msdt registry key. This is a known exposure for CVE-2022-30190.\n\nNote that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. 
The recommendation is\nto apply the latest patch.\");\n # https://community.tenable.com/s/article/Microsoft-CVE-2022-30190-Patch-and-Workaround-Plugin-Advisement\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?440e4ba1\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190\");\n # https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9345997\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the latest Cumulative Update.\");\n\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:msdt\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_windows_defender_win_installed.nbin\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\ninclude('smb_reg_query.inc');\ninclude('spad_log_func.inc');\ninclude('smb_func.inc');\n\nregistry_init();\nvar hkcr = registry_hive_connect(hive:HKEY_CLASS_ROOT, exit_on_fail:TRUE);\n\nif (!registry_key_exists(handle:hkcr, key:'ms-msdt'))\n{\n spad_log(message:'HKEY_CLASSES_ROOT\\\\ms-msdt does not exist, auditing');\n close_registry();\n audit(AUDIT_OS_CONF_NOT_VULN, 'Windows');\n}\n\nvar report = 'The HKEY_CLASSES_ROOT\\\\ms-msdt registry key exists on the target. This may indicate that the target is' +\n ' vulnerable to CVE-2022-30190, if the vendor patch is not applied.';\n\nvar port = kb_smb_transport();\nclose_registry();\nsecurity_report_v4(severity:SECURITY_NOTE, extra:report, port:port);\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2022-08-10T12:48:23", "description": "Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild. The bug ([CVE-2022-34713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713>)) is tied to a Microsoft Windows Support Diagnostic Tool and allows a remote attacker to execute code on a vulnerable system.\n\n\u201cThe volume of fixes released this month is markedly higher than what is normally expected in an August release. It\u2019s almost triple the size of last year\u2019s August release, and it\u2019s the second largest release this year,\u201d wrote Dustin Childs, Zero Day Initiative manager, in a [Tuesday blog post](<https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review>).\n\n## **Dogwalk Flaw Was Over Two-Years Old **\n\nThe actively exploited Dogwalk bug was first reported to Microsoft in January 2020 by researcher Imre Rad. 
However, it wasn\u2019t until [separate researchers began tracking the exploitation](<https://twitter.com/j00sean/status/1531643635543990275>) of a flaw dubbed [Follina](<https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/>) ([CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)) that the Dogwalk bug was rediscovered. That renewed interest in Dogwalk appears to have motivated Microsoft to add the patch to this month\u2019s round of fixes, according to a Tenable Patch [Tuesday roundup report](<https://www.tenable.com/blog/microsofts-august-2022-patch-tuesday-addresses-118-cves-cve-2022-34713>).\n\nMicrosoft states that CVE-2022-34713 is a \u201cvariant of\u201d Dogwalk, but different. Microsoft scored the vulnerability as Important and warns that the exploitation of the bug can only be performed by an adversary with physical access to a vulnerable computer. However, researchers at Zero Day Initiative outline how a remote attack might occur.\n\n\u201cThere is an element of social engineering to this as a threat actor would need to convince a user to click a link or open a document,\u201d Childs wrote.\n\nMicrosoft describes a possible attack as having a low complexity value, meaning it can be exploited easily and requires no advanced system privileges to execute.\n\n\u201cThis bug also allows code execution when MSDT is called using the URL protocol from a calling application, typically Microsoft Word,\u201d Childs wrote. \u201cIt\u2019s not clear if this vulnerability is the result of a failed patch or something new,\u201d he added.\n\n## **17 Critical Flaws**\n\nThe most serious of the vulnerabilities patched on Tuesday include a trio of elevation of privilege vulnerabilities opening instances of Microsoft Exchange Server to attack. 
Microsoft has released a [separate alert page](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>) for these flaws to help mitigate them.\n\n\u201cAll three vulnerabilities require authentication and user interaction to exploit \u2014 an attacker would need to entice a target to visit a specially crafted Exchange server, likely through phishing,\u201d wrote Tenable regarding the Exchange Server bugs.\n\nBack in the Patch Tuesday spotlight is a critical flaw ([CVE-2022-35804](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35804>)) in Microsoft\u2019s Server Message Block (SMB) client and server running on Windows 11 systems using Microsoft SMB 3.1.1 (SMBv3), according to the company. Microsoft categorized the bug as \u201cExploitation More Likely\u201d and assigned an 8.8 severity rating to the flaw.\n\nThe flaw only affects Windows 11, which Zero Day Initiative said, \u201cimplies some new functionality introduced this vulnerability.\u201d Researchers there said the SMB flaw could potentially be wormable between affected Windows 11 systems only when SMB server is enabled.\n\n\u201cDisabling SMBv3 compression is a workaround for this bug, but applying the update is the best method to remediate the vulnerability,\u201d wrote Childs.\n\nRated between 8.5 and 9.8 in severity, Microsoft patched a remote code execution flaw ([CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>)) in its Windows Network File System. This is the fourth month in a row that Microsoft has deployed a critical NFS code execution patch. Interestingly, Microsoft describes the flaw as Important, while researchers warn the bug is Critical and should be a priority patch.\n\n\u201cTo exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. 
This would provide the threat actor with code execution at elevated privileges. Microsoft lists this as Important severity, but if you\u2019re using NFS, I would treat it as Critical. Definitely test and deploy this fix quickly,\u201d advises Zero Day Initiative.\n\nIn related news, [Adobe patched 25 CVEs on Tuesday](<https://helpx.adobe.com/security.html>) tackling bugs in Adobe Acrobat and Reader, Commerce, Illustrator, FrameMaker and Adobe Premier Elements.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T12:48:05", "type": "threatpost", "title": "Microsoft Patches \u2018Dogwalk\u2019 Zero-Day and 17 Critical Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35804"], "modified": "2022-08-10T12:48:05", "id": "THREATPOST:24243FD4F7B9BDBDAC283E15D460128F", "href": "https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T12:20:51", "description": "A Windows 11 vulnerability, part of 
Microsoft\u2019s Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to advise patching of the elevation of privileges flaw by August 2.\n\nThe recommendation is directed at federal agencies and concerns [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22047>), a vulnerability that carries a CVSS score of high (7.8) and exposes Windows Client Server Runtime Subsystem (CSRSS) used in Windows 11 (and earlier versions dating back to 7) and also Windows Server 2022 (and earlier versions 2008, 2012, 2016 and 2019) to attack.\n\nThe CSRSS bug is an elevation of privileges vulnerability that allows adversaries with a pre-established foothold on a targeted system to execute code as an unprivileged user. When the bug was first reported by Microsoft\u2019s own security team earlier this month it was classified as a zero-day, or a known bug with no patch. That patch was made available on [Tuesday July 5](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22047>).\n\nResearchers at FortiGuard Labs, a division of Fortinet, said the threat the bug poses to business is \u201cmedium\u201d. 
[In a bulletin, researchers explain](<https://www.fortiguard.com/threat-signal-report/4671/known-active-exploitation-of-windows-csrss-elevation-of-privilege-vulnerability-cve-2022-22047>) the downgraded rating because an adversary needs advanced \u201clocal\u201d or physical access to the targeted system to exploit the bug and a patch is available.\n\nThat said, an attacker who has previously gained remote access to a computer system (via malware infection) could exploit the vulnerability remotely.\n\n\u201cAlthough there is no further information on exploitation released by Microsoft, it can be surmised that an unknown remote code execution allowed for an attacker to perform lateral movement and escalate privileges on machines vulnerable to CVE-2022-22047, ultimately allowing for SYSTEM privileges,\u201d FortiGuard Labs wrote.\n\n## Office and Adobe Documents Entry Points\n\nWhile the vulnerability is being actively exploited, there are no known public proof of concept exploits in the wild that can be used to help mitigate or sometimes fuel attacks, according to a [report by The Record](<https://therecord.media/cisa-adds-windows-bug-to-exploited-list-urges-agencies-to-patch-by-august-2/>).\n\n\u201cThe vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target,\u201d wrote Trend Micro\u2019s [Zero Day Initiative (ZDI) in its Patch Tuesday](<https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review>) roundup last week.\n\n\u201cBugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. 
These attacks often rely on macros, which is why so many were disheartened to hear Microsoft\u2019s delay in blocking all Office macros by default,\u201d wrote ZDI author Dustin Childs.\n\nMicrosoft recently said it would block the use of Visual Basic for Applications (VBA) macros by default in some of its Office apps, but set no timeline to enforce the policy.\n\nCISA [added the Microsoft bug to its running list](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) of known exploited vulnerabilities on July 7 (search \u201cCVE-2022-22047\u201d to find the entry) and recommends simply, \u201capply updates per vendor instructions\u201d.\n\nImage: Courtesy of Microsoft\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T12:19:26", "type": "threatpost", "title": "CISA Urges Patch of Exploited Windows 11 Bug by Aug. 
2", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047"], "modified": "2022-07-18T12:19:26", "id": "THREATPOST:781705ADC10B0D40FC4B8D835FA5EA6D", "href": "https://threatpost.com/cisa-urges-patch-11-bug/180235/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-07T12:48:32", "description": "Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft\u2019s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.\n\nProofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. Attacks consist of campaigns targeting U.S. and E.U. government workers. 
Malicious emails contain fake recruitment pitches promising a 20 percent boost in salaries and entice recipients to download an accompanying attachment.\n\nIn a Twitter-based statement, Sherrod DeGrippo, vice president of threat research at Proofpoint, said about 10 Proofpoint customers had received over 1,000 such messages.\n\nThe malicious attachment targets the remote code execution bug [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190>)_, dubbed _Follina.\n\n[Discovered](<https://twitter.com/nao_sec/status/1530196847679401984>) last month, the flaw exploits the Microsoft Windows Support Diagnostic Tool. As Microsoft explained in a [blog post](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>), the bug \u201cexists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.\u201d\n\nState-sponsored abuse of the flaw is just the latest in a string of Follina-related attacks.\n\nIf successfully exploited, attackers can use the Follina flaw to install programs, view, change or delete data, or create new accounts in the context allowed by the user\u2019s rights, the company said.\n\n\u201cA remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word,\u201d Microsoft explained in [its guidance](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) on the Microsoft Security Response Center. \u201cAn attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.\u201d\n\nMicrosoft\u2019s workaround comes some six weeks after the vulnerability was apparently first identified. 
Researchers from [Shadow Chaser Group](<https://twitter.com/ShadowChasing1?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor>) noticed it on April 12 and it was patched by Microsoft in May.\n\nProofpoint says the malicious file used in the recruitment phishing campaigns, if downloaded, executes a script that can ultimately check for a virtualized environment to abuse and \u201csteals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil.\u201d\n\nProofpoint explained in a tweet, \u201cThe extensive reconnaissance conducted by [a] second Powershell script demonstrated an actor interested in a large variety of software on a target\u2019s computer.\u201d It is that behavior that raised concerns that the campaign had ties to a \u201cstate aligned nexus,\u201d researchers noted.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-07T12:45:00", "type": "threatpost", "title": "Follina Exploited by State-Sponsored Hackers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-07T12:45:00", "id": 
"THREATPOST:44942C746E9FFDC2F783FA19F0AFD348", "href": "https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-08-23T02:01:34", "description": "Hello everyone! In this episode, let's take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my [Vulristics](<https://github.com/leonov-av/vulristics>) vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239098>\n\nThere were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.\n\nThere was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let's take a closer look.\n \n \n $ cat comments_links.txt \n Qualys|August 2022 Patch Tuesday. 
Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories|https://blog.qualys.com/vulnerabilities-threat-research/2022/08/09/august-2022-patch-tuesday\n ZDI|THE AUGUST 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review\n Kaspersky|DogWalk and other vulnerabilities|https://www.kaspersky.com/blog/dogwalk-vulnerability-patch-tuesday-08-2022/45127/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"August\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: August\n MS PT Date: 2022-08-09\n MS PT CVEs found: 121\n Ext MS PT Date from: 2022-07-13\n Ext MS PT Date to: 2022-08-08\n Ext MS PT CVEs found: 26\n ALL MS PT CVEs: 147\n ...\n\n## DogWalk\n\n**Remote Code Execution** in Microsoft Windows Support Diagnostic Tool (MSDT) (CVE-2022-34713), dubbed **DogWalk**. The only Urgent level vulnerability. The Microsoft Support Diagnostic Tool (MSDT) is a service in Microsoft Windows that allows Microsoft technical support agents to analyze diagnostic data remotely for troubleshooting purposes. DogWalk vulnerability allows code execution when MSDT is called using the URL protocol from a calling application, typically Microsoft Word. There is an element of social engineering to this as a threat actor would need to convince a user to click a link or open a document. Exploitability Assessment: Exploitation in the wild detected. The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Functional Exploit). But it is not yet available in public exploit packs. DogWalk is similar to MSDT RCE **Follina** (CVE-2022-30190), which made some hype in May of this year. It\u2019s not clear if this vulnerability is the result of a failed patch or something new. 
\n\n## 3 Microsoft Exchange EOPs\n\n**Elevation of Privilege** in Microsoft Exchange (CVE-2022-21980, CVE-2022-24516, CVE-2022-24477). I will not hide, these vulnerabilities were not detected as critical by Vulristics, only as Medium. This happened due to the fact that these are not RCEs, but EOPs. No public exploit or sign of exploitation in the wild. But these vulnerabilities are very critical, due to the fact that Exchange is often accessible from the Internet. And because of details about the vulnerability, which is only highlighted by ZDI. These bugs could allow an authenticated attacker to take over the mailboxes of all Exchange users, read and send emails or download attachments from any mailbox on the Exchange server. This gives access to valuable data and great opportunities for developing an attack. Administrators will also need to enable Extended Protection to fully address these vulnerabilities.\n\nIt is not clear how to highlight such vulnerabilities automatically, because there are few formal signs. Apparently it is required to raise the priority of the software available on the perimeter and software that operates with important data.\n\n## 13 potentially dangerous vulnerabilities\n\n 1. **Remote Code Execution** in Windows Point-to-Point Protocol (PPP) (CVE-2022-30133, CVE-2022-35744). The Point-to-Point Protocol (PPP) is the default RAS (remote access service) protocol in Windows and is a data link-layer protocol used to encapsulate higher network-layer protocols to pass over synchronous and asynchronous communication lines. Both vulnerabilities allow attackers to send requests to the remote access server, which can lead to the execution of malicious code on the machine. And both have the same CVSS score: 9.8. These vulnerabilities can only be exploited by communicating via Port 1723. 
As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable. Warning: Disabling Port 1723 could affect communications over your network. Exploitability Assessment: Exploitation Less Likely\n 2. **Remote Code Execution **in Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-35766, CVE-2022-35794). SSTP is a VPN tunneling protocol designed to secure your online traffic. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS (remote access service) server, which could lead to remote code execution (RCE) on the RAS server machine. Exploitability Assessment: Exploitation Less Likely\n 3. **Remote Code Execution** in SMB Client and Server (CVE-2022-35804). The server side of this vulnerability would allow a remote, unauthenticated attacker to execute code with elevated privileges on affected SMB servers. Interestingly, this bug only affects Windows 11, which implies some new functionality introduced this vulnerability. Either way, this could potentially be wormable between affected Windows 11 systems with SMB server enabled. Disabling SMBv3 compression is a workaround for this bug, but applying the update is the best method to remediate the vulnerability. This vulnerability is reminiscent of past SMB vulnerabilities such as the EternalBlue SMBv1 flaw patched in MS17-010 in March of 2017 that was exploited as part of the [WannaCry](<https://avleonov.com/2017/05/13/wannacry-about-vulnerability-management/>) incident in addition to the more recent CVE-2020-0796 \u201cEternalDarkness\u201d RCE flaw in SMB 3.1.1.\n 4. **Remote Code Execution** in Visual Studio (CVE-2022-35777, CVE-2022-35825, CVE-2022-35826, CVE-2022-35827). The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit). 
None of the vendors highlighted these vulnerabilities. But it seems that this can be used in targeted phishing against developers.\n 5. **Elevation of Privilege** in Active Directory (CVE-2022-34691). An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System. The advisory notes that exploitation is only possible when Active Directory Certificate Services is running on the domain. Exploitability Assessment: Exploitation Less Likely.\n 6. **Remote Code Execution** in Windows Network File System (CVE-2022-34715). This is now the fourth month in a row with an NFS code execution patch. To exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. This would provide the threat actor with code execution at elevated privileges. Although we have not yet seen the actual exploitation of such vulnerabilities.\n 7. **Elevation of Privilege **in Windows Print Spooler (CVE-2022-35793, CVE-2022-35755). The Print Spooler is software built into the Windows operating system that temporarily stores print jobs in the computer's memory until the printer is ready to print them. CVE-2022-35755 can be exploited using a specially crafted \u201cinput file,\u201d while exploitation of CVE-2022-35793 requires a user click on a specially crafted URL. Both would give the attacker SYSTEM privileges. Both vulnerabilities can be mitigated by disabling the Print Spooler service, but CVE-2022-35793 can also be mitigated by disabling inbound remote printing via Group Policy.\n\n## 2 funny vulnerabilities\n\n 1. Vulristics suddenly highlighted the **Memory Corruption** in Microsoft Edge (CVE-2022-2623) vulnerability because there is a public exploit for it. It turned out that there was a bug in the exploit databases: 0day.today and packetstorm. 
CVE-2022-2623 was mistakenly written instead of CVE-2022-26233. And this also happens and no one checks it. Well, prioritization of vulnerabilities based on distorted source data does not work well.\n 2. **Denial of Service** - Microsoft Outlook (CVE-2022-35742). This was reported through the ZDI program and is a mighty interesting bug. Sending a crafted email to a victim causes their Outlook application to terminate immediately. Outlook cannot be restarted. Upon restart, it will terminate again once it retrieves and processes the invalid message. It is not necessary for the victim to open the message or to use the Reading pane. The only way to restore functionality is to access the mail account using a different client (i.e., webmail, or administrative tools) and remove the offending email(s) from the mailbox before restarting Outlook.\n\n## 3 mysterious vulnerabilities\n\n * CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass\n * CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass\n * CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass\n\nThey came from the US CERT Coordination Center.\n\n 1. No one writes anything about them, only Tenable. "security bypass vulnerabilities in a third-party driver affecting Windows Secure Boot". \n 2. Maybe this is of course a coincidence and we are talking about other software, but isn't Crypto Pro a Russian [CryptoPro](<https://www.cryptopro.ru/>), "the company\u2019s main activity is cryptographic software development and public key infrastructure solutions based on national and international standards."?\n 3. Isn't Eurosoft a [Russian Eurosoft](<http://eurosoft.ru/>), "software for architectural design"? 
\n\nIt's all very curious.\n\nFull Vulristics report: [ms_patch_tuesday_august2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-23T00:00:26", "type": "avleonov", "title": "Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0796", "CVE-2022-21980", "CVE-2022-24477", "CVE-2022-24516", "CVE-2022-2623", "CVE-2022-26233", "CVE-2022-30133", "CVE-2022-30190", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34691", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35742", "CVE-2022-35744", "CVE-2022-35755", "CVE-2022-35766", "CVE-2022-35777", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35804", "CVE-2022-35825", "CVE-2022-35826", "CVE-2022-35827"], "modified": "2022-08-23T00:00:26", "id": "AVLEONOV:37BE727F2D0C216B8B10BD6CBE6BD061", "href": 
"https://avleonov.com/2022/08/23/microsoft-patch-tuesday-august-2022-dogwalk-exchange-eops-13-potentially-dangerous-2-funny-3-mysterious-vulnerabilities/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-08-14T17:56:48", "description": "Cisco has released a [security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR>) about several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345.\n\nThere are no workarounds available that address these vulnerabilities, so you need to patch.\n\n## Vulnerabilities\n\nThe vulnerabilities are dependent on one another--exploitation of one of the vulnerabilities may be required to exploit another vulnerability.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). You will find the ones included in these updates listed below.\n\n### CVE-2022-20842\n\n[CVE-2022-20842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20842>) is a vulnerability in the web-based management interface of the Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. 
A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.\n\n### CVE-2022-20827\n\n[CVE-2022-20827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20827>) is a vulnerability in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges.\n\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted input to the web filter database update feature.\n\n### CVE-2022-20841\n\n[CVE-2022-20841](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20841>) is a vulnerability in the Open Plug and Play (PnP) module of Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system.\n\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system. To exploit this vulnerability, an attacker must leverage a machine-in-the-middle position or have an established foothold on a specific network device connected to the affected router.\n\n## Input validation\n\nAfter reading the vulnerability descriptions above you may wonder what \"input validation\" means, since the absence of it seems to be one of the underlying issues.\n\nAs you probably suspected, input validation is the name for the checks that are done on data being added to a system. 
It is necessary to ensure that only properly formed data enters the workflow of an information system. When a system does not properly validate its inputs, it gives threat actors a chance to attempt several attacks, depending on the type of system.\n\nThe most common type is SQL injection, an attack used against databases. SQL commands are a mixture of actions (code) and things being acted upon (data). The external inputs that feed into SQL commands [should only ever be interpreted as data](<https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html>). If they are interpreted as code then an attacker can inject input that changes the behaviour of an application's SQL commands.\n\nInsufficient input validation could allow an attacker to execute SQL commands that could destroy your database or provide the attacker with data stored in the database. Two of the Cisco bugs above (CVE-2022-20827 and CVE-2022-20841) are the same pattern with a different interpreter: the untrusted input ends up in an operating-system command line instead of a SQL statement, which is why they are described as command injection and why the outcome is command execution on the underlying OS (as root in the case of CVE-2022-20827) rather than a dumped database.\n\n## Mitigation\n\nThere are no workarounds that address these vulnerabilities, but Cisco has released [free software updates](<https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu>) for them. Cisco states it is not aware of any public announcements or malicious use of the vulnerabilities. 
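To make the input validation point above concrete, here is an added example (not Cisco's firmware code and not part of the Malwarebytes post) that puts the vulnerable and hardened versions of both interpreters side by side: a SQL lookup that concatenates the input versus one that binds it as a parameter, and a command that is handed to a shell as a string versus one that is validated against a hostname allowlist and executed as an argv list. The sample table, the hostname regex and the use of `echo` as a stand-in for whatever command the real feature would run are all assumptions made for the demo.

```python
"""Vulnerable vs. hardened handling of untrusted input.

Same mistake with two different interpreters: untrusted input is spliced into
a string that is later parsed as code. The first pair is SQL (sqlite3,
in-memory); the second pair is an OS shell, the interpreter behind command
injection bugs like the ones in the Cisco RV advisory. Everything here is
constructed for illustration.
"""
import re
import sqlite3
import subprocess
from typing import List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample table: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    """Concatenates the input into the query, so quotes in it become SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def lookup_hardened(conn: sqlite3.Connection, name: str) -> List[str]:
    """Binds the input as a parameter; the driver only ever treats it as data."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,)).fetchall()]


# Hypothetical allowlist for a hostname-like field (think of the web filter
# database update input): DNS labels only, so no shell metacharacters pass.
HOSTNAME_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def run_vulnerable(host: str) -> str:
    """Hands a string to `sh -c`; a `;` in `host` starts a second command."""
    proc = subprocess.run("echo resolving " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_hardened(host: str) -> Optional[str]:
    """Validates against the allowlist, then execs an argv list (no shell).

    Returns None for rejected input: refuse it rather than try to 'clean' it.
    """
    if not HOSTNAME_RE.fullmatch(host):
        return None
    proc = subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("vulnerable SQL:", lookup_vulnerable(db, probe))  # both users leak
    print("hardened SQL:  ", lookup_hardened(db, probe))    # []
    payload = "x; echo INJECTED"
    print("vulnerable cmd:", run_vulnerable(payload).split())  # INJECTED ran
    print("hardened cmd:  ", run_hardened(payload))         # None
```

The hardened versions do not try to strip or escape dangerous characters; they keep data and code on separate channels (bound parameters, argv arrays) and reject anything outside the allowlist, which is the property the router firmware lacked.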
So, now is your chance to install those updates before that changes.\n\nA list of releases in which these vulnerabilities have been fixed is available in the [Cisco Security Advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR>).\n\nStay safe, everyone!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-07T03:15:00", "type": "malwarebytes", "title": "Patch now! Cisco VPN routers are vulnerable to remote control", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-20827", "CVE-2022-20841", "CVE-2022-20842"], "modified": "2022-08-07T03:15:00", "id": "MALWAREBYTES:601DFC536D9D87A387DA9E6DFB431092", "href": "https://www.malwarebytes.com/blog/news/2022/08/patch-now-cisco-vpn-routers-are-vulnerable-to-remote-control", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-12T02:01:33", "description": "[Microsoft has published](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) fixes for 141 separate vulnerabilities in its batch of August updates, fixing a total of 118 CVEs in multiple products. This is a new monthly record if you look at the CVE count.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that jumped out at us.\n\n## Microsoft Support Diagnostics Tool\n\n[CVE-2022-34713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34713>): is a Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) vulnerability. It is known to be exploited in the wild and requires the target to open a specially crafted file. This CVE is a variant of the vulnerability publicly known as [Dogwalk](<https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html>).\n\n[CVE-2022-35743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35743>): is another MSDT RCE vulnerability. 
Neither technical details nor an exploit are publicly available, but we do know that user interaction is required and the attack vector is local, so this is very likely another case where a specially crafted file needs to be opened by the victim.\n\n## Microsoft Exchange\n\n[CVE-2022-30134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30134>): is a Microsoft Exchange Information Disclosure vulnerability. This vulnerability is publicly disclosed but has not yet been detected in attacks. Affected products are Microsoft Exchange Server 2013 CU 23, Exchange Server 2016 CU 22 and CU 23, and Exchange Server 2019 CU 11 and CU 12. Users vulnerable to this issue would need to enable Extended Protection in order to prevent exploitation of this vulnerability. Installing the security update alone is not enough: Extended Protection is not turned on by default and has to be enabled explicitly once the update is in place. More details can be found on the [Exchange Team Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n[CVE-2022-24477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24477>): is a Microsoft Exchange Server Elevation of Privilege (EoP) vulnerability. Affected products are Microsoft Exchange Server 2013 CU 23, Exchange Server 2016 CU 22 and CU 23, and Exchange Server 2019 CU 11 and CU 12. Users vulnerable to this issue would need to enable Extended Protection in order to prevent exploitation of this vulnerability. More details can be found on the [Exchange Team Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n[CVE-2022-24516](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24516>): is another Microsoft Exchange Server EoP vulnerability. 
Affected products are Microsoft Exchange Server 2013 CU 23, Exchange Server 2016 CU 22 and CU 23, and Exchange Server 2019 CU 11 and CU 12. Users vulnerable to this issue would need to enable Extended Protection in order to prevent exploitation of this vulnerability. More details can be found on the [Exchange Team Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n## Windows Point-to-Point Protocol\n\n[CVE-2022-30133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30133>): is a Windows Point-to-Point Protocol (PPP) RCE vulnerability with a [CVSS score](<https://www.malwarebytes.com/blog/news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities>) of 9.8 out of 10. An unauthenticated attacker could send a specially crafted connection request to a Remote Access Server (RAS), which could lead to remote code execution (RCE) on the RAS machine. This vulnerability can only be exploited by communicating over TCP port 1723, the PPTP control port. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic to that port, which renders the vulnerability unexploitable; note that this also blocks legitimate PPTP VPN connections to the server.\n\n## Windows Network File System\n\n[CVE-2022-34715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34715>): is a Windows Network File System (NFS) RCE vulnerability with a CVSS score of 9.8 out of 10. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to an NFS service to trigger Remote Code Execution (RCE). This vulnerability is not exploitable in NFSv2.0 or NFSv3.0. Until you have installed the Windows update that addresses this vulnerability, you can mitigate an attack by disabling NFSv4.1. 
Disabling NFSv4.1 could adversely affect your ecosystem and should only be used as a temporary mitigation.\n\n## Other vendors\n\nOther vendors have synchronized their periodic updates with Microsoft. Here are a few major ones that you may find in your environment.\n\n**Adobe** has also released security updates for many of its products, including Acrobat, Reader, Adobe Commerce, and Magento Open Source. More details [on the Adobe security site](<https://helpx.adobe.com/security.html>).\n\n**Cisco** released security updates for [numerous products](<https://tools.cisco.com/security/center/publicationListing.x>) this month.\n\n**Google** released [Android](<https://source.android.com/security/bulletin/2022-08-01>) security updates.\n\n**SAP** released 5 new [Security Notes](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>).\n\n**VMware** released Security Advisory [VMSA-2022-0022](<https://www.vmware.com/security/advisories/VMSA-2022-0022.html>) and [warned](<https://www.vmware.com/security/advisories/VMSA-2022-0021.html#:~:text=2022%2D08%2D09%3A%20VMSA%2D2022%2D0021.1>) that a recently disclosed auth bypass flaw is [now actively exploited](<https://www.bleepingcomputer.com/news/security/vmware-warns-of-public-exploit-for-critical-auth-bypass-vulnerability/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T09:00:00", "type": "malwarebytes", "title": "Update now! 
Microsoft fixes two zero-days in August's Patch Tuesday", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-24477", "CVE-2022-24516", "CVE-2022-30133", "CVE-2022-30134", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35743"], "modified": "2022-08-10T09:00:00", "id": "MALWAREBYTES:1E762A45A948B3FD9F8A8DC65D028095", "href": "https://www.malwarebytes.com/blog/news/2022/08/update-now-patch-tuesday-august-2022", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-08T14:51:13", "description": "_This blog post was authored by Ankur Saini and Hossein Jazi_\n\nThe Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year.\n\nThis advanced custom RAT is the work of a threat actor that mainly targets Russian entities, using lures in archive file format and, more recently, Office documents leveraging the Follina vulnerability.\n\nBased on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as [OAK](<https://en.wikipedia.org/wiki/United_Aircraft_Corporation>).\n\nIn this blog post, we will analyze Woody Rat's distribution methods, capabilities and communication protocol.\n\n## Distribution methods\n\nBased on our knowledge, Woody Rat has been distributed using two different formats: archive files and Office documents using the Follina vulnerability.\n\nThe earliest versions of this RAT were typically packed into a zip file pretending to be a document specific to a Russian group. 
When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload, as identified by [@MalwareHunterTeam](<https://twitter.com/malwrhunterteam/status/1534184385313923072>).\n\nThe following diagram shows the overall attack flow used by the threat actor to drop Woody Rat:\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure1.png>) Woody Rat distribution methods\n\n**Archive files**\n\nIn this method, Woody Rat is packaged into an archive file and sent to victims. We believe that these archive files have been distributed using spear phishing emails. Here are some examples of these archive files:\n\n * _anketa_brozhik.doc.zip_: It contains Woody Rat with the same name: _Anketa_Brozhik.doc.exe_.\n * _zayavka.zip_: It contains Woody Rat pretending to be an application form (the translated file name is _application for participation in the selection.doc.exe_).\n\n**Follina vulnerability**\n\nThe threat actor is using a Microsoft Office document (_\u041f\u0430\u043c\u044f\u0442\u043a\u0430.docx_, Russian for \"memo\") that has been weaponized with the Follina (CVE-2022-30190) vulnerability to drop Woody Rat. The lure is in Russian, is titled \"_Information security memo_\", and provides security practices for passwords, confidential information, etc.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure2.png>) Document lure\n\n## Woody Rat Analysis\n\nThe threat actor has left some debugging information, including a PDB path, from which we derived the name for this new RAT:\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure3.png>) Debug Information\n\nA lot of CRT functions seem to be statically linked, which makes IDA generate a lot of noise and hinders analysis. 
Before initialization, the malware effectively suppresses all error reporting by calling SetErrorMode with 0x8007 as the parameter (SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX | SEM_NOALIGNMENTFAULTEXCEPT | SEM_NOOPENFILEERRORBOX), so no error dialog ever surfaces to the user.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure4.png>) main function\n\nAs we will see later, the malware uses multiple threads, so it allocates a global object and assigns a mutex to it to make sure no two clashing operations can take place at the same time. This object enforces that only one thread is reaching out to the C2 at a given time and that there are no pending requests before another request is made.\n\n### Deriving the Cookie\n\nThe malware communicates with its C2 using HTTP requests. To uniquely identify each infected machine, the malware derives a cookie from machine-specific values. The values are taken from the adapter information, computer name and volume information, and 8 random bytes are appended to avoid cookie collisions.\n\nA combination of the _GetAdaptersInfo_, _GetComputerNameA_ and _GetVolumeInformationW_ functions is used to retrieve the data needed to generate the cookie. This cookie is sent with every HTTP request made to the C2.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure5.png>) get_cookie_data function\n\n### Data encryption with HTTP requests\n\nTo evade network-based monitoring the malware uses a combination of RSA-4096 and AES-CBC to encrypt the data sent to the C2. The public key used for RSA-4096 is embedded inside the binary; the malware builds the RSA public key blob at runtime from the embedded data and imports it using the _BCryptImportKeyPair_ function.\n\nThe malware derives the key for AES-CBC at runtime by generating 32 random bytes; these 32 bytes are then encrypted with RSA-4096 and sent to the C2. 
Both the malware and C2 simultaneously use these bytes to generate the AES-CBC key using _BCryptGenerateSymmetricKey_ which is used in subsequent HTTP requests to encrypt and decrypt the data. For encryption and decryption the malware uses _BCryptEncrypt_ and _BCryptDecrypt_ respectively.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure6.png>) RSA Encryption routine\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure7.png>) AES Encryption Routine\n\n### C2 HTTP endpoint request\n\n**knock** \\- This is the first HTTP request that the malware makes to the C2. The machine-specific cookie is sent as part of the headers here. This is a POST request and the data of this request contains 32 random bytes which are used to derive AES-CBC key, while the 32 bytes are RSA-4096 encrypted.\n\nThe data received as response for this request is decrypted and it contains the url path to submit (/submit) the additional machine information which the malware generates after this operation.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure8.png>) knock request headers\n\n**submit **\\- This endpoint request is used to submit information about the infected machine. The data sent to the C2 is AES-CBC encrypted. 
[Data](<https://gist.github.com/kernelm0de/fd018d58ebe78f603a13b2eba7f01917>) sent via the submit API includes:\n\n * OS\n * Architecture\n * Antivirus installed\n * Computer Name\n * OS Build Version\n * .NET information\n * PowerShell information\n * Python information (install path, version etc.)\n * Storage drives - includes drive path, internal name etc.\n * Environment Variables\n * Network Interfaces\n * Administrator privileges\n * List of running processes\n * Proxy information\n * Username\n * List of all the User accounts\n\nThe malware currently detects 6 AVs through registry keys: Avast Software, Doctor Web, Kaspersky, AVG, ESET and Sophos.\n\n**ping** \\- The malware makes a ping GET HTTP request to the C2 at regular intervals. If the C2 responds with \"_CRY\", the malware sends the knock request again (i.e., it re-keys); if the C2 responds with \"_ACK\", the response contains additional information about which command should be executed by the malware.\n\nThe malware supports a wide variety of commands, which are classified into _SET and _REQ requests as seen while analyzing the malware. We will dive into all these commands below.\n\n### C2 Commands\n\nThe malware uses one thread to communicate with the C2 and a different one to execute the commands received from the C2. To synchronize the two threads, the malware leverages events and a mutex. To dispatch a command it modifies the state of the event linked to that object. 
We should note that all the communications involved in these commands are AES encrypted.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure9.png>) Command execution routine\n\n**_SET Commands**\n\n * **PING** \\- This command is used to set the sleep interval between every ping request to the C2.\n * **PURG** \\- Unknown command\n * **EXIT** \\- Exit the command execution thread.\n\n**_REQ Commands**\n\n * **EXEC** (Execute) - Executes the command received from the C2 by creating a cmd.exe process; the malware creates two named pipes and redirects the input and output to these pipes. The output of the command is read using _ReadFile_ from the named pipe and then \"_DAT\" is appended to this data before it is AES encrypted and sent to the C2.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure10.png>) EXEC command\n\n * **UPLD** (Upload) - The Upload command is used to remotely upload a file to the infected machine. The malware makes a GET request to the C2 and receives data to be written as a file.\n * **INFO** (Submit Information) - The INFO command is similar to the \"submit\" request above; it sends the same information to the C2 as the \"submit\" request does.\n\n INFO command\n\n * **UPEX** (Upload and Execute) - This is a combination of the UPLD and EXEC commands. The command first writes a file received from the C2 and then executes that file.\n * **DNLD** (Download) - The DNLD command allows the C2 to retrieve any file from the infected machine. The malware encrypts the requested file and sends the data via a POST request to the C2.\n * **PROC** (Execute Process) - The PROC command is similar to the EXEC command with one difference: the process is executed directly instead of through cmd.exe as in EXEC. The command uses the named pipes in the same fashion as the EXEC command.\n * **UPPR** (Upload and Execute Process) - This is a combination of the UPLD and PROC commands. 
The command receives the remote file using the upload command then executes the file using PROC command.\n * **SDEL** (Delete File) - This is used to delete any file on the infected system. It also seems to overwrite the first few bytes of the file to be deleted with random data.\n * **_DIR** (List directory) - This can list all the files and their attributes in a directory supplied as argument. If no directory is supplied, then it proceeds to list the current directory. File attributes retrieved by this command are: \n * Filename\n * Type (Directory, Unknown, File)\n * Owner\n * Creation time\n * Last access time\n * Last write time\n * Size\n * Permissions\n * **STCK** (Command Stack) - This allows the attacker to execute multiple commands with one request. The malware can receive a STCK command which can have multiple children commands which are executed in the same order they are received by the malware.\n * **SCRN** (Screenshot) - This command leverages Windows GDI+ to take the screenshot of the desktop. The image is then encrypted using AES-CBC and sent to the C2.\n * **INJC** (Process Injection) - The malware seems to generate a new AES key for this command. The code to be injected is received from the C2 and decrypted. To inject the code into the target process it writes it to the remote memory using WriteProcessMemory and then creates a remote thread using CreateRemoteThread.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure12.png>) INJC routine\n\n * **PSLS** (Process List) - Calls _NtQuerySystemInformation_ with _SystemProcessInformation_ to retrieve an array containing all the running processes. Information sent about each process to the C2: \n * PID\n * ParentPID\n * Image Name\n * Owner\n * **DMON** (Creates Process) - The command seems similar to PROC with the only difference being the output of the process execution is not sent back to the C2. 
It receives the process name from the C2 and executes it using CreateProcess.\n * **UPDM** (Upload and Create Process) - Allows the C2 to upload a file and then execute it using the DMON command.\n\n**SharpExecutor and PowerSession Commands**\n\nInterestingly, the malware has 2 .NET DLLs embedded inside. These DLLs are named _WoodySharpExecutor_ and _WoodyPowerSession_ respectively. _WoodySharpExecutor_ gives the malware the ability to run .NET code received from the C2. _WoodyPowerSession_, on the other hand, allows the malware to execute PowerShell commands and scripts received from the C2.\n\n_WoodyPowerSession_ makes use of pipelines to execute these PS commands. The .NET DLLs are loaded by the malware and commands are executed via the methods present in these DLLs:\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure13.png>) SharpExecutor and PowerSession methods\n\nWe will look at the commands utilising these DLLs below:\n\n * **DN_B** (DotNet Binary) - This command makes use of the RunBinaryStdout method to execute a .NET assembly with arguments received from the C2. The code is received as an array of Base64 strings separated by the 0x20 (space) character.\n * **DN_D** (DotNet DLL) - This method gives the attacker a lot more control over the execution. An attacker can choose whether to send the console output back to the C2 or not. The method receives an array of Base64 strings consisting of code, class name, method name and arguments. 
The DLL loads the code, then locates and executes the method selected by the other arguments received from the C2.\n * **PSSC** (PowerSession Shell Command) - Allows the malware to receive a Base64-encoded PowerShell command and execute it.\n * **PSSS** (PowerSession Shell Script) - This command allows the malware to load and execute a Base64-encoded PowerShell script received from the C2.\n * **PSSM** (PowerSession Shell Module) - This command receives an array of Base64-encoded strings, one containing the module contents and the other the module name. These strings are decoded, and the module is imported into the command pipeline and then invoked.\n\n### Malware Cleanup\n\nAfter creating the command threads, the malware deletes itself from disk. It uses the commonly known _Process Hollowing_ technique to do so. It creates a suspended notepad process and then writes shellcode that deletes a file into the suspended process using _NtWriteVirtualMemory_. The entry point of the thread is set using _NtSetContextThread_ and the thread is then resumed. This leads to the deletion of the malware from disk. For responders this means the on-disk sample is gone once it has run, so the file hashes listed under IOCs below have to be matched against the delivery artefacts rather than the file system of the infected host.\n\n[](<https://www.malwarebytes.com/blog/images/uploads/2022/08/figure14.png>) Malware deletes itself\n\n## Unknown threat actor\n\nThis very capable RAT falls into the category of unknown threat actors we track. Historically, Chinese APTs such as the Tonto Team, as well as North Korea with Konni, have targeted Russia. However, based on what we were able to collect, there weren't any solid indicators to attribute this campaign to a specific threat actor.\n\nMalwarebytes blocks the Follina exploit that is being leveraged in the latest Woody Rat campaign. 
Our heuristic malware engines also already detected the binary payloads.\n\n## IOCs\n\n**Woody Rat**:\n\n * 982ec24b5599373b65d7fec3b7b66e6afff4872847791cf3c5688f47bfcb8bf0\n * 66378c18e9da070629a2dbbf39e5277e539e043b2b912cc3fed0209c48215d0b\n * b65bc098b475996eaabbb02bb5fee19a18c6ff2eee0062353aff696356e73b7a\n * 43b15071268f757027cf27dd94675fdd8e771cdcd77df6d2530cb8e218acc2ce\n * 408f314b0a76a0d41c99db0cb957d10ea8367700c757b0160ea925d6d7b5dd8e\n * 0588c52582aad248cf0c43aa44a33980e3485f0621dba30445d8da45bba4f834\n * 5c5020ee0f7a5b78a6da74a3f58710cba62f727959f8ece795b0f47828e33e80\n * 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3\n * 9bc071fb6a1d9e72c50aec88b4317c3eb7c0f5ff5906b00aa00d9e720cbc828d\n\n**C2s:**\n\n * kurmakata.duckdns[.]org\n * microsoft-ru-data[.]ru\n * 194.36.189.179\n * microsoft-telemetry[.]ru\n * oakrussia[.]ru\n\n**Follina Doc:** \n\u041f\u0430\u043c\u044f\u0442\u043a\u0430.docx (Russian for memo) \nffa22c40ac69750b229654c54919a480b33bc41f68c128f5e3b5967d442728fb \n**Follina HTML file:** \ngarmandesar.duckdns[.]org:444/uoqiuwef.html \n**Woody Rat URL:** \nfcloud.nciinform[.]ru/main.css", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-03T21:00:00", "type": "malwarebytes", "title": "Woody RAT: A new feature-rich malware spotted in the wild", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-08-03T21:00:00", "id": "MALWAREBYTES:A92CA3CF06DBCD086A388A462B770E3B", "href": "https://www.malwarebytes.com/blog/news/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-05T15:58:36", "description": "Google has released version 103.0.5060.114 for Chrome, now available in the [Stable Desktop channel](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) worldwide. The main goal of this new version is to patch CVE-2022-2294.\n\n[CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chrome zero-day to be patched in 2022.\n\n## Heap buffer overflow\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\nA buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nThe heap is an area of memory made available use by the program. The program can request blocks of memory for its use within the heap. 
In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\n\n## The vulnerability\n\nWebRTC on Chrome is the first true in-browser solution to real-time communications (RTC). It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.\n\nA WebRTC application will usually go through a common application flow. Access the media devices, open peer connections, discover peers, and start streaming. Since Google does not disclose details about the vulnerability until everyone has had ample opportunity to install the fix it is unclear in what stage the vulnerability exists.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows or Mac, you should update as soon as possible.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n\n\nAfter the update the version should be 103.0.5060.114 or later.\n\n\n\nSince WebRTC is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! 
Chrome patches ANOTHER zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-05T13:56:04", "type": "malwarebytes", "title": "Update now! Chrome patches ANOTHER zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-05T13:56:04", "id": "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-02T17:32:49", "description": "On Monday May 30, 2022, Microsoft issued [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) for a zero-day remote code execution vulnerability, 'Follina', already being exploited in the wild via malicious Word documents.\n\n_**Q: What exactly is Follina?**_\n\nA: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified as CVE-2022-30190. In technical terms it is a Remote Code Execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT).\n\n_**Q: But what does it mean, and is this a serious vulnerability?**_\n\nA: An attacker can send you a malicious Office document that will compromise your machine with malware when you open it. It is serious since it is already being actively exploited in the wild and does not require users to enable macros.\n\n**_Q: What is Microsoft doing about it?_**\n\nA: Microsoft has offered [mitigation steps](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) that disable the MSDT URL protocol. 
However, users should proceed with caution because of possible conflicts and crashes with existing applications.\n\n_**Q: Does Malwarebytes protect against Follina?**_\n\nA: Yes, it does. Please see additional steps below based on your product to ensure you are protected.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2022/06/Follina_block.png> \"\" )\n\n## How to add protection with Malwarebytes\n\nWe are working on releasing a new version of Anti-Exploit that won't require adding new shields and will provide more holistic protection. For immediate mitigation, please follow the instructions below.\n\n### Malwarebytes Premium (Consumer)\n\nFollow the instructions below to add `sdiagnhost.exe` as a new protected application.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2022/06/MB4.gif> \"\" )\n\n### Malwarebytes Nebula (Enterprise)\n\nFollow the instructions below to add `sdiagnhost.exe` as a new protected application.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2022/06/Nebula.gif> \"\" )\n\nThe post [FAQ: Mitigating Microsoft Office's 'Follina' zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/faq-mitigating-microsoft-offices-follina-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T16:36:44", "type": "malwarebytes", "title": "FAQ: Mitigating Microsoft Office\u2019s \u2018Follina\u2019 zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-01T16:36:44", "id": "MALWAREBYTES:6AC81D4001C847401760BE111E21585B", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/faq-mitigating-microsoft-offices-follina-zero-day/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2023-12-03T17:26:25", "description": "### Overview\n\nA security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process.\n\n### Description\n\nUEFI firmware is software written by vendors in the [UEFI ecosystem](<https://uefi.org/node/4046>) to provide capabilities in the early start up phases of a computer. [Secure Boot](<https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot>) is a UEFI standard that can be enabled and used to verify firmware and to protect a system against malicious code being loaded and executed early in the boot process, prior to the loading of the operating system. \n\nSecurity researchers at [Eclypsium](<https://eclypsium.com>) have found three specific UEFI bootloaders that are signed and authenticated by Microsoft to be vulnerable to a security feature bypass vulnerability allowing an attacker to bypass Secure Boot when it is enabled. 
The vulnerable bootloaders can be tricked into bypassing Secure Boot via a custom installer (CVE-2022-34302) or an EFI shell (CVE-2022-34301 and CVE-2022-34303). As a vulnerable bootloader executes unsigned code prior to initialization of the Operating System's (OS) boot process, it cannot be easily monitored by the OS or common Endpoint Detection and Response (EDR) tools.\n\nThe following vendor-specific bootloaders were found vulnerable (CVE assignments as given in the Microsoft vendor statement below):\n\n * Inherently vulnerable bootloader that bypasses Secure Boot\n * New Horizon Datasys Inc (CVE-2022-34302) \n * UEFI Shell execution that bypasses Secure Boot\n * Eurosoft (UK) Ltd (CVE-2022-34301)\n * CryptoPro Secure Disk (CVE-2022-34303)\n\n### Impact\n\nAn attacker can bypass a system's Secure Boot feature at startup and execute arbitrary code before the operating system (OS) loads. Code executed in these early boot phases can provide persistence to an attacker, potentially loading arbitrary kernel extensions that survive both reboot and re-installation of an OS. It may also evade common OS-based and EDR security defenses.\n\n### Solution\n\n#### Apply a patch\n\nApply your vendor-provided security updates that address these vulnerabilities to block vulnerable bootloaders from bypassing Secure Boot. Microsoft has provided details in its [KB5012170](<https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>) article released on August 9th 2022. Note that these updates can be delivered by your OEM vendor or the OS vendor; what they install is an updated [Secure Boot Forbidden Signature Database (DBX)](<https://uefi.org/revocationlistfile>), and it is that revocation, not a replacement bootloader, that stops the affected loaders from running. \n\n#### Enterprise and Product Developers\n\nAs DBX file changes can cause a system to become [unstable](<https://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/>), vendors are urged to verify the DBX updates do not cause the machine to be unusable. 
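The DBX that KB5012170 and the OEM firmware updates install is the content of the UEFI `dbx` variable: a sequence of EFI_SIGNATURE_LIST structures, each holding entries of one signature type, either SHA-256 image hashes (EFI_CERT_SHA256_GUID) or DER certificates (EFI_CERT_X509_GUID, the form used when a signing certificate such as the ones Microsoft mentions below is blocked). The Python below is an added example, not code from CERT/CC, Eclypsium or Microsoft: it parses such a blob, lists the revoked image hashes, answers whether a given Authenticode hash is revoked, and rejects a truncated or malformed blob instead of returning a partial list. The structure layout and GUIDs are taken from the UEFI specification; the blob and hashes built by `constructed_sample()` are made up for the example, and the efivarfs path is the standard Linux location of the variable.

```python
"""Parse a UEFI Secure Boot DBX (forbidden signature database) blob.

Added example, not code from CERT/CC, Eclypsium or Microsoft. Assumes the
input is the raw variable data: a sequence of EFI_SIGNATURE_LIST structures
as defined in the UEFI specification. The dbxupdate.bin files published on
uefi.org wrap this data in an EFI_VARIABLE_AUTHENTICATION_2 header, which
must be stripped before calling these functions.
"""
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (UINT32s, little-endian). 28 bytes.
_LIST_HDR = struct.Struct("<16sIII")
_OWNER_GUID_LEN = 16  # every EFI_SIGNATURE_DATA starts with SignatureOwner


def parse_signature_lists(blob):
    """Yield (signature_type, owner, signature_data) for every entry in blob.

    Raises ValueError on a malformed list instead of silently stopping, so a
    truncated or corrupted DBX is not mistaken for a short one.
    """
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        if sig_size <= _OWNER_GUID_LEN:
            raise ValueError("SignatureSize must exceed the SignatureOwner GUID")
        body_off = off + _LIST_HDR.size + hdr_size
        body_len = list_size - _LIST_HDR.size - hdr_size
        if body_len % sig_size:
            raise ValueError("signature body is not a multiple of SignatureSize")
        type_guid = uuid.UUID(bytes_le=sig_type)
        for i in range(body_len // sig_size):
            entry = blob[body_off + i * sig_size: body_off + (i + 1) * sig_size]
            yield type_guid, uuid.UUID(bytes_le=entry[:_OWNER_GUID_LEN]), entry[_OWNER_GUID_LEN:]
        off += list_size


def is_well_formed_dbx(blob):
    """True if every EFI_SIGNATURE_LIST in blob parses cleanly."""
    try:
        for _ in parse_signature_lists(blob):
            pass
        return True
    except ValueError:
        return False


def revoked_image_hashes(blob):
    """Set of revoked PE image hashes (lower-case hex); certificate entries are skipped."""
    return {data.hex() for t, _owner, data in parse_signature_lists(blob)
            if t == EFI_CERT_SHA256_GUID}


def is_image_revoked(blob, authenticode_sha256_hex):
    """True if the Authenticode SHA-256 of a bootloader appears in the DBX.

    The DBX stores the Authenticode (PE) hash that firmware computes, not a
    plain SHA-256 of the file bytes; a sha256sum of the file will not match.
    """
    return authenticode_sha256_hex.lower() in revoked_image_hashes(blob)


def build_sha256_list(hashes_hex, owner=uuid.UUID(int=0)):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used for constructed input)."""
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes_hex)
    sig_size = _OWNER_GUID_LEN + 32
    return _LIST_HDR.pack(EFI_CERT_SHA256_GUID.bytes_le,
                          _LIST_HDR.size + len(body), 0, sig_size) + body


def build_x509_list(der_cert, owner=uuid.UUID(int=0)):
    """Build one EFI_SIGNATURE_LIST holding a single X.509 entry (constructed input)."""
    body = owner.bytes_le + der_cert
    return _LIST_HDR.pack(EFI_CERT_X509_GUID.bytes_le,
                          _LIST_HDR.size + len(body), 0, len(body)) + body


def constructed_sample():
    """Made-up DBX: two revoked image hashes plus a placeholder certificate entry.
    Not real revocation data."""
    return (build_sha256_list(["aa" * 32, "bb" * 32])
            + build_x509_list(b"\x30\x82\x01\x00"))


def revoked_hashes_from_efivarfs(
        path="/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"):
    """Read the live DBX on Linux; efivarfs prefixes the data with a 4-byte attribute word."""
    with open(path, "rb") as f:
        return revoked_image_hashes(f.read()[4:])


if __name__ == "__main__":
    sample = constructed_sample()
    print(sorted(revoked_image_hashes(sample)))
    print(is_image_revoked(sample, "CC" * 32))
```

Reading the live variable on Linux needs root; on Windows the same bytes come from `Get-SecureBootUEFI -Name dbx` (its `Bytes` property). Either way, the hash you compare against must be the PE Authenticode hash of the bootloader image, which is what the firmware computes before deciding whether to run it.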
Enterprises and cloud providers that manage large numbers of computers are also urged to apply the required security updates and ensure DBX files are implemented reliably without any risk of boot failure. Because the DBX is enforced by firmware before the OS loads, a revocation that breaks a machine's own bootloader cannot be undone from that OS, so test the update on each hardware model before fleet-wide deployment.\n\n### Acknowledgements\n\nThanks to Mickey Shkatov and Jesse Michael of Eclypsium who researched and reported these vulnerabilities.\n\nThis document was written by Brad Runyon & Vijay Sarvepalli.\n\n### Vendor Information\n\nVU#309662\n\n### Microsoft Affected\n\nNotified: 2022-05-24 Updated: 2022-08-11\n\n**Statement Date: June 01, 2022**\n\n**CVE-2022-34301**| Affected \n---|--- \n**Vendor Statement:** \nMicrosoft has worked closely with the vendor, Eurosoft (UK) to remedy the vulnerable bootloader issue, and has blocked the certificate previously issued with the July 2022 Security Update Release. \n**CVE-2022-34302**| Affected \n**Vendor Statement:** \nMicrosoft has blocked the certificate previously issued to New Horizon Datasys Inc. with the July 2022 Security Update Release. \n**CVE-2022-34303**| Affected \n**Vendor Statement:** \nMicrosoft has worked closely with the vendor, CryptoPro Secure Disk (CPSD) to remedy the vulnerable bootloader issue, and has blocked the certificate previously issued with the July 2022 Security Update Release. \n \n### Red Hat Affected\n\nNotified: 2022-08-02 Updated: 2022-08-25\n\n**Statement Date: August 16, 2022**\n\n**CVE-2022-34301**| Affected \n---|--- \n**CVE-2022-34302**| Affected \n**CVE-2022-34303**| Affected \n \n#### Vendor Statement\n\nRed Hat has evaluated this issue and determined we are affected by this vulnerability. Although Red Hat doesn't ship any of the affected shim versions, it would still be bootable in machines installed with Red Hat Enterprise Linux as the shim signatures are still not listed in the DBX. 
Red Hat is working to provide a DBX update disallowing the affected shims to be booted.\n\n### Fujitsu Not Affected\n\nNotified: 2022-09-21 Updated: 2022-09-28\n\n**Statement Date: September 23, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nFujitsu is aware of the vulnerabilities in third party UEFI bootloaders by New Horizon Datasys Inc, CryptoPro Secure Disk and Eurosoft (UK) Ltd.\n\nFujitsu commenced an analysis, inquired with the manufacturer Insyde, and simultaneously resorted to CERT/CC intelligence.\n\nBased on that, UEFI-BIOS manufacturers will provide a Secure Boot Forbidden Signature Database (DBX) update, along with future firmware releases. These updates will be integrated in a timely manner into Fujitsu UEFI-BIOS firmware.\n\nThe Fujitsu PSIRT has no plans to issue a dedicated Security Notice or similar. Due to the mitigation by OEM vendors and OS vendors at the same time, the issue is therefore considered resolved.\n\nIn case of questions, please contact the Fujitsu PSIRT (Fujitsu-PSIRT@ts.fujitsu.com).\n\n### Insyde Software Corporation Not Affected\n\nNotified: 2022-08-09 Updated: 2022-08-25\n\n**Statement Date: August 17, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Phoenix Technologies Not Affected\n\nNotified: 2022-08-09 Updated: 2022-08-11\n\n**Statement Date: August 09, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Toshiba Corporation Not Affected\n\nNotified: 2022-08-02 Updated: 2022-08-25\n\n**Statement Date: August 16, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not 
Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Unknown\n\nNotified: 2022-08-02 Updated: 2022-09-12\n\n**Statement Date: August 26, 2022**\n\n**CVE-2022-34301**| Unknown \n---|--- \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n**CVE-2022-34302**| Unknown \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n**CVE-2022-34303**| Unknown \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n \n#### Vendor Statement\n\nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. 
If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners.\n\n### Acer Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Amazon Unknown\n\nUpdated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AMD Unknown\n\nNotified: 2022-08-11 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### American Megatrends Incorporated (AMI) Unknown\n\nNotified: 2022-08-09 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Debian GNU/Linux Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dynabook Inc. 
Unknown\n\nNotified: 2022-08-24 Updated: 2022-08-25 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Gamma Tech Computer Corp. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GETAC Inc. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Google Unknown\n\nUpdated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. 
Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ReactOS Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Star Labs Online Limited Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### UEFI Security Response Team Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VAIO Corporation Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### References\n\n * <https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022>\n * <https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>\n * <https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot>\n * 
<https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot>\n * <https://uefi.org/sites/default/files/resources/Insyde%20HPE%20NSA%20and%20UEFI%20Secure%20Boot%20Guidelines_FINAL%20v2.pdf>\n * <https://eclypsium.com/2022/07/26/firmware-security-realizations-part-1-secure-boot-and-dbx/>\n * <https://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/>\n * <https://uefi.org/revocationlistfile>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2022-34301 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34301>) [CVE-2022-34302 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34302>) [CVE-2022-34303 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34303>) \n---|--- \n**API URL: ** | VINCE JSON | CSAF \n**Date Public:** | 2022-08-11 \n**Date First Published:** | 2022-08-11 \n**Date Last Updated: ** | 2022-09-28 15:32 UTC \n**Document Revision: ** | 5 \n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T00:00:00", "type": "cert", "title": "Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2022-09-28T15:32:00", "id": "VU:309662", "href": "https://www.kb.cert.org/vuls/id/309662", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2022-09-13T00:03:22", "description": "Welcome to the first edition of the Qualys Research Team\u2019s \u201cThreat Research Thursday\u201d where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. We will endeavor to issue these update reports regularly, as often as every other week, or as our threat intelligence output warrants. \n\n\n\n## Threat Intelligence from the Qualys Blog\n\nHere is a roundup of the most interesting blogs from the Qualys Research Team from the past couple of weeks: \n\n * New Qualys Research Report: [Evolution of Quasar RAT](<https://blog.qualys.com/vulnerabilities-threat-research/2022/07/29/new-qualys-research-report-evolution-of-quasar-rat>) \u2013 This free downloadable report gives a sneak peek of the detailed webinar topic that Qualys Threat Research team\u2019s Linux EDR expert Viren Chaudari will be presenting on our upcoming [Threat Thursdays webinar](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>). \n * Here\u2019s a [Simple Script to Detect the Stealthy Nation-State BPFDoor](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/01/heres-a-simple-script-to-detect-the-stealthy-nation-state-bpfdoor>) \u2013 In this blog we explain how a simple script can detect a BPFDoor. \n * Introducing [Qualys CyberSecurity Asset Management 2.0](<https://www.qualys.com/apps/cybersecurity-asset-management/>) with natively integrated [External Attack Surface Management](<https://blog.qualys.com/qualys-insights/2022/07/28/attack-surface-management-a-critical-pillar-of-cybersecurity-asset-management>) \u2013 This is big news! 
We offer one of only a few solutions on the market that empower cybersecurity teams to manage internal and external assets at the same time! For our existing customers, [Qualys CSAM API Best Practices](<https://blog.qualys.com/product-tech/2022/08/05/qualys-api-best-practices-cybersecurity-asset-management-api>) should be a good starting point for playing with our extensive list of APIs. \n * [August 2022 Patch Tuesday](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/09/august-2022-patch-tuesday>) \u2013 Microsoft and the second Tuesday of the month are inseparable (except that one time in 2017 just before the Equation Group leak!) This is our regular monthly coverage of the vulnerabilities that Microsoft and Adobe fixed this month. \n\n## New Threat Hunting Tools & Techniques\n\n**Sysmon v14.0, AccessEnum v1.34, and Coreinfo v3.53**: This is a major update to Sysmon that adds a new `event ID 27 - FileBlockExecutable` that prevents processes from creating executable files in specified locations. Note that the block is on writing the executable file, not on running it: if you want to stop executables from being dropped into a certain directory (a user's Downloads or Temp folder, for instance), you can do so, and Sysmon logs the blocked write as event 27. [Get these tools & updates](<https://docs.microsoft.com/en-us/sysinternals/downloads/>). \n\n**Bomber: **All of us know how important software bills of materials (SBOMs) are, and the vulnerabilities that affect them even more so. This open-source tool that we\u2019ve evaluated will help you scan JSON formatted SBOM files to point out any vulnerabilities the listed components may have. [Check out Bomber](<https://github.com/devops-kung-fu/bomber>). \n\n**Alan C2 Framework:** Until recently, this command & control (C2) framework \u2013 even though it was hosted on GitHub \u2013 was closed source. You could download it and test it for free, but not inspect its source code unless you decompiled it. Now the source code has been made available. 
For example, you can now look at the [certificate information](<https://github.com/enkomio/AlanFramework/blob/8134494037435c5e6478409447efe41f563e0688/src/client/mbedtls/tests/data_files/dir-maxpath/c20.pem>) and add it to your detection pipeline if you have not already done so. [Access the Alan C2 Framework source code](<https://github.com/enkomio/AlanFramework>). \n\n**FISSURE**: This interesting Radio Frequency (RF) framework was released as open source at the recently concluded DEF CON conference. With this RF reverse engineering framework, you can detect and classify signals, execute attacks, discover protocols, and analyze vulnerabilities. A lot can be done with this tool! [Check out FISSURE](<https://github.com/ainfosec/FISSURE>). \n\n**Sub7 Legacy**: The source code to your favorite trojan from the not-so-recent past is now available. Well, not really. This is a complete remake of the trojan from the early 2000\u2019s. The look & feel is still the same \u2013 minus the malicious features, but it does make one nostalgic. Here\u2019s hoping that threat actor groups don\u2019t use this Delphi source code for new and nefarious use cases! [Check out the new Sub7 Legacy](<https://github.com/DarkCoderSc/SubSeven>). \n\n**Hashview**: What do you do when you dump a hash via Mimikatz and want to crack it? In a team engagement, a tool like Hashview can help. It allows you to automate hashcat, retroactively crack hashes, and get notifications on a particular event. [Check out the Hashview source code](<https://github.com/hashview/hashview>). \n\n**Center for Internet Security: **CIS published their August update for the [End-of-Support Software Report List](<https://www.cisecurity.org/insights/blog/end-of-support-software-report-list>). Use it coupled with Qualys CSAM to stay updated on software that\u2019s no longer vendor supported. 
\n\n## New Vulnerabilities \n\n[**CVE-2022-34301**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34301>)/[**CVE-2022-34302**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34302>)/[**CVE-2022-34303**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34303>) \u2013 Not much was known about these bootloader vulnerabilities when they were first disclosed as part of Microsoft Patch Tuesday. New research about these vulnerabilities was [presented at DEFCON](<https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/>) pointing towards weaknesses in third-party code signed by Microsoft. Special care must be given to fixing these vulnerabilities, as manual intervention is required for complete remediation. \n\n[**CVE-2022-30209**](<https://nvd.nist.gov/vuln/detail/CVE-2022-30209>) \u2013 Fresh off of its disclosure at Black Hat USA 2022, this _IIS authentication bypass vulnerability_ discovered by Devcore, is [introduced](<https://twitter.com/orange_8361/status/1557504677050478594?s=20&t=KnnUPgzWitsV-dCEdSeCjA>) because of a logic error as a result of improper copy/pasting of variable names. Qualys VMDR customers can find unpatched devices in their networks by looking for QID 91922 in their results. \n\n[**CVE-2022-22047**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22047>) - This Windows client/server runtime subsystem (CSRSS) _elevation of privilege vulnerability_ affects almost all Windows versions, including v7, 8.1, 10, 11, and Windows Server 2008, 2012, 2016, 2019, and 2022! QIDs 91922 and 91927 should be of interest to current Qualys VMDR customers. \n\n[**CVE-2022-26138**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26138>) \u2013 The Confluence Questions app, when installed will create a `disabledsystemuser `user with a known and now _publicized hardcoded password_. Post exploitation, bad actors can read the pages accessible by the confluence-users group. 
\n\n[**CVE-2022-26501**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26501>) \u2013 Proof-of-concept code for this _unauthenticated remote code execution_ vulnerability affecting Veeam Distribution Service (VDS) has been available for more than four months now. When last checked on Shodan, there were more than 18,000 publicly facing devices that host Veeam Backup Services. \n\n## Introducing the Monthly Threat Thursdays Webinar \n\nPlease join us for the first [Threat Thursdays monthly webinar](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>) where the Qualys Threat Research Team will present the latest threat intelligence\u2026 each and every month! \n\n[REGISTER NOW](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T21:00:00", "type": "qualysblog", "title": "Introducing Qualys Threat Research Thursdays", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047", "CVE-2022-26138", "CVE-2022-26501", "CVE-2022-30209", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": 
* * *

# **Microsoft Patch Tuesday Summary**

Microsoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) actively exploited zero-day vulnerability ([CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)). Earlier this month, on July 6, 2022, Microsoft also released two (2) Microsoft Edge (Chromium-Based) security updates.

Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Tampering.

Many of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation (in the wild) except for [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), a Windows CSRSS Elevation of Privilege Vulnerability.

## The July 2022 Microsoft vulnerabilities are classified as follows:

[Related Threat Protection Post](<https://threatprotect.qualys.com/2022/07/13/microsoft-patches-84-vulnerabilities-including-one-zero-day-and-four-critical-in-the-july-2022-patch-tuesday/>)

* * *

# **Notable Microsoft Vulnerabilities Patched**

### [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) | Windows CSRSS Elevation of Privilege Vulnerability

This vulnerability has a CVSSv3.1 score of 7.8/10.

Elevation of Privilege - Important - An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. (Article [5015874](<https://support.microsoft.com/help/5015874>))

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**

* * *

# **Microsoft Critical Vulnerability Highlights**

This month’s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) covers multiple Microsoft product families, including Azure, Browser, ESU, Microsoft Dynamics, Microsoft Office, System Center, and Windows.

A total of 63 unique Microsoft products/versions are affected.

Downloads include Monthly Rollup, Security Only, and Security Updates.

* * *

### [CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) | Windows Graphics Component Remote Code Execution Vulnerability

This vulnerability has a CVSSv3.1 score of 8.8/10.

An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.

Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Windows Server 2008 R2 SP1, then you are not affected by this vulnerability.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) | Windows Network File System Remote Code Execution Vulnerability

This vulnerability has a CVSSv3.1 score of 8.1/10.

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability

This vulnerability has a CVSSv3.1 score of 8.1/10.

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

### [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) | Windows Network File System Remote Code Execution Vulnerability

This vulnerability has a CVSSv3.1 score of 7.5/10.

Successful exploitation of this vulnerability requires an attacker to win a race condition.

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

# **Microsoft Last But Not Least**

Earlier in July, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) and [CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.

* * *

# **Adobe Security Bulletins and Advisories**

Adobe released four (4) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 27 vulnerabilities affecting Adobe Acrobat, Character Animator, Photoshop, Reader, and RoboHelp applications. Of these 27 vulnerabilities, 18 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, ranging in severity from a CVSS score of 6.5/10 to 7.8/10, as summarized below.

* * *

### [APSB22-10](<https://helpx.adobe.com/security/products/robohelp/apsb22-10.html>) | Security update available for RoboHelp

This update resolves one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released a security update for RoboHelp. This update resolves a vulnerability rated [important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to arbitrary code execution in the context of the current user.

* * *

### [APSB22-32](<https://helpx.adobe.com/security/products/acrobat/apsb22-32.html>) | Security update available for Adobe Acrobat and Reader

This update resolves 22 vulnerabilities: 15 **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** and seven (7) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.

_**[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2**_

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.

* * *

### [APSB22-34](<https://helpx.adobe.com/security/products/character_animator/apsb22-34.html>) | Security Updates Available for Adobe Character Animator

This update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution.

* * *

### [APSB22-35](<https://helpx.adobe.com/security/products/photoshop/apsb22-35.html>) | Security update available for Adobe Photoshop

This update resolves two (2) vulnerabilities: one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** and one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released an update for Photoshop for Windows and macOS. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability and an [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak.

* * *

# Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB).

You can see all your hosts impacted by these vulnerabilities using the following QQL query:

    vulnerabilities.vulnerability:( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` )

* * *

# Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)

VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select the respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches in one go.

The following QQL will return the missing patches for this Patch Tuesday:

    ( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` )

[Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)

* * *

# Qualys Monthly Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.

* * *

### **Join the webinar**

## **This Month in Vulnerabilities & Patches**

[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)

_Published 2022-07-12 on the [Qualys blog](<https://blog.qualys.com/category/vulnerabilities-threat-research>) as "July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical."_

* * *

# **Microsoft Patch Tuesday Summary**

Microsoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as
**_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks (**[CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>)***,[ ](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)**[CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>)**). Earlier this month, on September 1-2, 2022, Microsoft also released a total of 16 Microsoft Edge (Chromium-Based) updates, one (1) addressing a Remote Code Execution (RCE) ([CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)) ranked _**Low**_.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service, Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution, and Security Feature Bypass.\n\n## **The September 2022 Microsoft Vulnerabilities are Classified as follows:**\n\n\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) | Windows TCP/IP Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>), [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) | Windows Internet Key Exchange (IKE) Protocol 
Extensions Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. NOTE: This vulnerability_ only impacts IKEv1_. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Zero-Day Vulnerabilities Addressed**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of [5.6](<https://nvd.nist.gov/vuln/detail/CVE-2022-23960>)/10.\n\n[CVE-2022-23960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960>) is regarding a vulnerability known as Spectre-BHB. 
MITRE created this CVE on behalf of Arm Limited.\n\nPlease see [Spectre-BHB on arm Developer](<https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB>) for more information.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Less Likely**_\n\n* * *\n\n# **Microsoft Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 92 unique Microsoft products/versions are affected, including but not limited to .NET, Azure Arc, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office SharePoint, SPNEGO Extended Negotiation, Visual Studio Code, Windows Common Log File System Driver, Windows Credential Roaming Service, Windows Defender, Windows Distributed File System (DFS), Windows DPAPI (Data Protection Application Programming Interface), Windows Enterprise App Management, Windows Event Tracing, Windows Group Policy, Windows IKE Extension, Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows ODBC Driver, Windows OLE, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows TCP/IP, and Windows Transport Security Layer (TLS).\n\nDownloads include Cumulative Update, Monthly Rollup, Security Hotpatch Update, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-38009](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an authenticated attacker with Manage List permissions could 
execute code remotely on the SharePoint Server.\n\nThe attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-26929](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26929>) | .NET Framework Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>) | Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. 
On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in September 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including [CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>). The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)[CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.7/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). 
The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\nThis vulnerability could lead to a browser sandbox escape.\n\nSuccessful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.\n\nNOTE: [Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance which explains why this CVE is rated as Low, but the CVSSv3.1 score is 7.7\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released seven (7) [security bulletins and advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 63 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, Photoshop, and Experience Manager applications. 
Of these 63 vulnerabilities, 35 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** and 28 rated as _****_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_****_; ranging in severity from a CVSS score of 5.3/10 to 7.8/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-40](<https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html>) | Security Update Available for Adobe Experience Manager\n\nThis update resolves 11 [_****__****_](<https://helpx.adobe.com/security/severity-ratings.html>)_****_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_****_ vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated [Important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass.\n\n* * *\n\n### [APSB22-49](<https://helpx.adobe.com/security/products/bridge/apsb22-49.html>) | Security Update Available for Adobe Bridge\n\nThis update resolves 12 vulnerabilities:\n\n * Ten (10) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): _3\n\nAdobe has released a security update for Adobe Bridge. 
This update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-50](<https://helpx.adobe.com/security/products/indesign/apsb22-50.html>) | Security Update Available for Adobe InDesign\n\nThis update resolves 18 vulnerabilities:\n\n * Eight (8) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Ten (10) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): _3\n\nAdobe has released a security update for Adobe InDesign. This update addresses multiple [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, and memory leak.\n\n* * *\n\n### [APSB22-52](<https://helpx.adobe.com/security/products/photoshop/apsb22-52.html>) | Security Update Available for Adobe Photoshop\n\nThis update resolves ten (10) vulnerabilities:\n\n * Nine (9) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. 
Successful exploitation could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-53](<https://helpx.adobe.com/security/products/incopy/apsb22-53.html>) | Security Update Available for Adobe InCopy\n\nThis update resolves seven (7) vulnerabilities:\n\n * Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe InCopy. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-54](<https://helpx.adobe.com/security/products/animate/apsb22-54.html>) | Security Update Available for Adobe Animate\n\nThis update resolves two (2) [](<https://helpx.adobe.com/security/severity-ratings.html>)[_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Animate. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

* * *

### [APSB22-55](<https://helpx.adobe.com/security/products/illustrator/apsb22-55.html>) | Security Update Available for Adobe Illustrator

This update resolves three (3) vulnerabilities:

 * One (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)
 * Two (2) [_**Important**_](<https://helpx.adobe.com/security/severity-ratings.html>)

_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_

Adobe has released an update for Adobe Illustrator 2022. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.

* * *

# **About Qualys Patch Tuesday**

Qualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by noon on Wednesday.

* * *

## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories from the August to September 2022 Patch Tuesday Advisory

_Sorted in descending order_

 * [Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition](<https://threatprotect.qualys.com/2022/09/14/microsoft-patches-vulnerabilities-79-including-16-microsoft-edge-chromium-based-with-2-zero-days-and-5-critical-in-patch-tuesday-september-2022-edition/>)
 * [Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)
 * [Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)](<https://threatprotect.qualys.com/2022/08/29/atlassian-bitbucket-server-and-data-center-command-injection-vulnerability-cve-2022-36804/>)
 * [GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)](<https://threatprotect.qualys.com/2022/08/25/gitlab-patches-critical-remote-command-execution-vulnerability-cve-2022-2884/>)
 * [Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)](<https://threatprotect.qualys.com/2022/08/18/apple-releases-security-updates-to-patch-two-zero-day-vulnerabilities-cve-2022-32893-and-cve-2022-32894/>)
 * [Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)](<https://threatprotect.qualys.com/2022/08/18/google-chrome-zero-day-insufficient-input-validation-vulnerability-cve-2022-2856/>)
 * [Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)](<https://threatprotect.qualys.com/2022/08/16/palo-alto-networks-pan-os-reflected-amplification-denial-of-service-dos-vulnerability-cve-2022-0028/>)
 * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)
 * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)

* * *

## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB).

You can see all hosts impacted by these vulnerabilities using the following QQL query:

    vulnerabilities.vulnerability:( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` )

[Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>) **_New_**

[A Deep Dive into VMDR 2.0 with Qualys TruRisk™](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)

* * *

## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)

VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select the respective QIDs in the Patch Catalog and filter on the "Missing" patches to identify and deploy the applicable, available patches with one click.

The following QQL will return the missing patches for this Patch Tuesday:

    ( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` )

[Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>) **_New_**

[Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)

* * *

## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>)

Qualys' [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned.
[Source](<https://www.techtarget.com/whatis/definition/workaround>)

The following Qualys [Policy Compliance Control IDs (CIDs) and System Defined Controls (SDC)](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>) have been updated to support the Microsoft-recommended workarounds for this Patch Tuesday:

#### [CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>) | **Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability**

This vulnerability has a CVSSv3.1 score of 7.8/10.

Policy Compliance Control IDs (CIDs) for checking Azure Arc-enabled servers on Linux:

 * **14112**: Status of the services installed on the Linux/UNIX host (stopped, running, failed, dead, …)

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

#### [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) | **Windows TCP/IP Remote Code Execution (RCE) Vulnerability**

This vulnerability has a CVSSv3.1 score of 9.8/10.

Policy Compliance Control IDs (CIDs):

 * **3720**: Status of the 'IPSEC Services' service
 * **14916**: Status of Windows Services

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**

* * *

#### [CVE-2022-35838](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35838>) | **HTTP V3 Denial of Service (DoS) Vulnerability**

This vulnerability has a CVSSv3.1 score of 7.5/10.

Policy Compliance Control IDs (CIDs):

 * **24717**: Status of the 'HTTP/3' service

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

#### [CVE-2022-33679](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679>), [CVE-2022-33647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33647>) | **Windows Kerberos Elevation of Privilege (EoP) Vulnerability**

These vulnerabilities have a CVSSv3.1 score of 8.1/10.

Policy Compliance Control IDs (CIDs):

 * **17108**: Status of the 'KDC support for claims, compound authentication and Kerberos armoring' setting (Enabled / Disabled)
 * **17109**: Status of the 'Kerberos client support for claims, compound authentication and Kerberos armoring' setting
 * **17197**: Status of the 'KDC support for claims, compound authentication, and Kerberos armoring' setting

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

#### [CVE-2022-38004](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38004>) | **Windows Network File System Remote Code Execution (RCE) Vulnerability**

This vulnerability has a CVSSv3.1 score of 7.8/10.

Policy Compliance Control IDs (CIDs):

 * **1161**: Status of the 'Fax' service
 * **14916**: Status of Windows Services

[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**

* * *

The following QQL will return a posture assessment for the CIDs for this Patch Tuesday (each CID listed once; repeating an `id:` term in the OR clause does not change the result):

    control:( id:`1161` OR id:`3720` OR id:`14112` OR id:`14916` OR id:`17108` OR id:`17109` OR id:`17197` OR id:`24717` )

[Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>) **_New_**

[Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)

* * *

**Patch Tuesday is Complete.**

* * *

# Qualys [This Month in Vulnerabilities and Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month's high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.

* * *

### **Join the webinar**

## **This Month in Vulnerabilities & Patches**

[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)

* * *

## NEW & NOTEWORTHY UPCOMING EVENTS

The content within this section spotlights Vulnerability Management, Patch Management, Threat Protection, and Policy Compliance adjacent events available to our new and existing customers.

* * *

[WEBINARS](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)

## [Introducing Qualys Threat Thursdays](<https://blog.qualys.com/vulnerabilities-threat-research/2022/09/01/introducing-qualys-threat-research-thursdays>)

The **Qualys Research Team** announces the first in a series of regular monthly webinars covering the latest threat intelligence analysis and insight.
Join us each month for Threat Thursdays, where we will zero in on a specific malware or other exploit observed in the wild, and how to defend against it.

Please join us for the first [Threat Thursdays](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>) monthly webinar, where the Qualys Threat Research Team will present the latest threat intelligence each and every month!

To quickly navigate to Threat Thursday blog posts, please use <https://blog.qualys.com/tag/threat-thursday>

* * *

[CONFERENCES](<https://www.qualys.com/qsc/locations/>)

[Register Now](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)

## [Qualys Annual Security Conference](<https://www.qualys.com/qsc/get-notified/#las-vegas/>) #QSC22

November 7-10, 2022

The Venetian Resort Las Vegas, 3355 Las Vegas Blvd. South, Las Vegas, NV 89109, US

[Book your hotel here](<https://book.passkey.com/gt/218594637?gtid=9914abda1b2fe722d872e0ac3e0bdc09>) & take advantage of the discounted QSC rate of $229+ per night

Or find a conference [near you](<https://www.qualys.com/qsc/locations/>).

* * *

**Source record (qualysblog):** September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.

 * id: QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9
 * href: <https://blog.qualys.com/category/vulnerabilities-threat-research>
 * published: 2022-09-13T20:00:00; modified: 2022-09-13T20:00:00
 * CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS v2: 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)
 * CVEs: CVE-2022-0028, CVE-2022-22047, CVE-2022-23960, CVE-2022-26929, CVE-2022-2856, CVE-2022-2884, CVE-2022-30134, CVE-2022-3075, CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, CVE-2022-31675, CVE-2022-32893, CVE-2022-32894, CVE-2022-33647, CVE-2022-33679, CVE-2022-34718, CVE-2022-34721, CVE-2022-34722, CVE-2022-35838, CVE-2022-36804, CVE-2022-37969, CVE-2022-38004, CVE-2022-38007, CVE-2022-38009, CVE-2022-38012

* * *

## Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface ([UEFI](<https://en.wikipedia.org/wiki/UEFI>)) boot loaders that allows bypass of the UEFI Secure Boot feature.

"These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium [said](<https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022>) in a report shared with The Hacker News.

The following [vendor-specific boot loaders](<https://kb.cert.org/vuls/id/309662>), which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's [Patch Tuesday update](<https://thehackernews.com/2022/08/microsoft-issues-patches-for-121-flaws.html>) released this week:

 * Eurosoft Boot Loader ([CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>))
 * New Horizon Data Systems Inc Boot Loader ([CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>)), and
 * Crypto Pro Boot Loader ([CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>))

Secure Boot is a [security standard](<https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot>) designed to thwart malicious programs from loading when a computer starts up (boots) and to ensure that only software trusted by the Original Equipment Manufacturer (OEM) is launched.

"The firmware boot loaders boot the UEFI environment and hands over control to UEFI applications written by the SoC vendor, Microsoft, and OEMs," Microsoft [notes](<https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/boot-and-uefi>) in its documentation. "The UEFI environment launches the Windows Boot Manager, which determines whether to boot to Full Flash Update (FFU) image flashing or device reset mode, to the update OS, or to the main OS."

In a nutshell, [successful exploitation of the flaws](<https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>) identified by Eclypsium could permit an adversary to circumvent security guardrails at startup and execute arbitrary unsigned code during the boot process.

This can have further knock-on effects, enabling a bad actor to gain entrenched access and [establish persistence](<https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html>) on a host in a manner that can survive operating system reinstalls and hard drive replacements, not to mention completely bypassing detection by security software.

Calling CVE-2022-34302 "far more stealthy," Eclypsium noted the New Horizon Datasys vulnerability is not only trivial to exploit in the wild, but can also "enable even more complex evasions such as disabling security handlers."

Security handlers, for instance, can [include](<https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation>) Trusted Platform Module (TPM) measurements and signature checks, Eclypsium researchers Mickey Shkatov and Jesse Michael said.

It's worth noting that exploiting these vulnerabilities requires an attacker to have administrator privileges, although gaining local privilege escalation is not considered insurmountable owing to the fact that Microsoft doesn't treat User Account Control ([UAC](<https://en.wikipedia.org/wiki/User_Account_Control>)) bypass as a [security risk](<https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria>).

"Much like [BootHole](<https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html>), these vulnerabilities highlight the challenges of ensuring the boot integrity of devices that rely on a complex supply chain of vendors and code working together," the researchers concluded, adding "these issues highlight how simple vulnerabilities in third-party code can undermine the entire process."

**Source record (thn):**

 * id: THN:659E57C980959B9830361E6D3C4D2687
 * href: <https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html>
 * published: 2022-08-12T20:02:00; modified: 2022-08-13T12:24:29; last seen: 2022-08-13T16:15:16
 * CVSS: none recorded
 * CVEs: CVE-2022-34301, CVE-2022-34302, CVE-2022-34303

* * *

## Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address [eight security vulnerabilities](<https://tools.cisco.com/security/center/publicationListing.x>), three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices.

The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8), the weakness stems from insufficient validation of user-supplied input to the web-based management interface of the appliances.

"An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device," Cisco [said](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR>) in an advisory.
"A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition."

A second shortcoming relates to a command injection vulnerability residing in the routers' web filter database update feature (CVE-2022-20827, CVSS score: 9.0), which could be exploited by an adversary to inject and execute arbitrary commands on the underlying operating system with root privileges.

The third router-related flaw to be resolved (CVE-2022-20841, CVSS score: 8.0) is also a command injection bug in the [Open Plug-n-Play](<https://developer.cisco.com/site/open-plug-n-play/discover/overview/>) (PnP) module that could be abused by sending malicious input to achieve code execution on the targeted Linux host.

"To exploit this vulnerability, an attacker must leverage a man-in-the-middle position or have an established foothold on a specific network device that is connected to the affected router," the networking equipment maker noted.

Also patched by Cisco are five medium-severity security flaws affecting Webex Meetings, Identity Services Engine, Unified Communications Manager, and BroadWorks Application Delivery Platform.

The company offered no workarounds to remediate the issues, adding that there is no evidence of these vulnerabilities being exploited in the wild. That said, customers are recommended to move quickly to apply the updates.

**Source record (thn):** Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

 * id: THN:903DA191DF3BA66EAAE7A8394E69A740
 * href: <https://thehackernews.com/2022/08/cisco-business-routers-found-vulnerable.html>
 * published: 2022-08-04T05:11:00; modified: 2022-08-04T05:11:25; last seen: 2022-08-04T05:59:45
 * CVSS: none recorded
 * CVEs: CVE-2022-20827, CVE-2022-20841, CVE-2022-20842

* * *

## Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

As many as [121 new security flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also include a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild.

Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues have been listed as publicly known at the time of the release.

It's worth noting that the 121 security flaws are in addition to [25 shortcomings](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) the tech giant addressed in its Chromium-based Edge browser late last month and the previous week.

Topping the list of patches is [CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) (CVSS score: 7.8), a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool (MSDT), making it the second flaw in the same component after [Follina](<https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html>) (CVE-2022-30190) to be weaponized in [real-world attacks](<https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/>) within three months.

The vulnerability is also said to be a variant of the flaw publicly known as [DogWalk](<https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html>), which was originally disclosed by security researcher Imre Rad in January 2020.

"Exploitation of the vulnerability requires that a user open a specially crafted file," Microsoft said in an advisory. "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file."

Alternatively, an attacker could host a website or leverage an already compromised site that contains a malware-laced file designed to exploit the vulnerability, and then trick potential targets into clicking on a link in an email or an instant message to open the document.

"This is not an uncommon vector and malicious documents and links are still used by attackers to great effect," Kev Breen, director of cyber threat research at Immersive Labs, said. "It underscores the need for upskilling employees to be wary of such attacks."

CVE-2022-34713 is one of the two remote code execution flaws in MSDT closed by Redmond this month, the other being [CVE-2022-35743](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743>) (CVSS score: 7.8). Security researchers Bill Demirkapi and Matt Graeber have been credited with reporting the vulnerability.

Microsoft also resolved three privilege escalation flaws in Exchange Server that could be abused to read targeted email messages and download attachments ([CVE-2022-21980](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980>), [CVE-2022-24477](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477>), and [CVE-2022-24516](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516>)) and one publicly known information disclosure vulnerability ([CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)) in Exchange which could also lead to the same impact.

"Administrators should enable [Extended Protection](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>) in order to fully remediate this vulnerability," Greg Wiseman, product manager at Rapid7, commented about CVE-2022-30134.

The security update further remediates multiple remote code execution flaws in Windows Point-to-Point Protocol (PPP), Windows Secure Socket Tunneling Protocol (SSTP), Azure RTOS GUIX Studio, Microsoft Office, and Windows Hyper-V.

The Patch Tuesday fix is also notable for addressing dozens of privilege escalation flaws: 31 in Azure Site Recovery, a month after Microsoft [squashed 30 similar bugs](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in the business continuity service, five in Storage Spaces Direct, three in Windows Kernel, and two in the Print Spooler module.

### Software Patches from Other Vendors

Aside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including:

 * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)
 * [AMD](<https://www.amd.com/en/corporate/product-security>)
 * [Android](<https://source.android.com/security/bulletin/2022-08-01>)
 * [Apache Projects](<https://blogs.apache.org/foundation/date/20220805>)
 * [Cisco](<https://thehackernews.com/2022/08/cisco-business-routers-found-vulnerable.html>)
 * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)
 * [Dell](<https://www.dell.com/support/security/>)
 * [F5](<https://support.f5.com/csp/article/K14649763>)
 * [Fortinet](<https://www.fortiguard.com/psirt?date=08-2022>)
 * [GitLab](<https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/>)
 * [Google Chrome](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html>)
 * [HP](<https://support.hp.com/us-en/security-bulletins>)
 * [IBM](<https://www.ibm.com/blogs/psirt/>)
 * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)
 * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)
 * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/August-2022>)
 * [NVIDIA](<https://www.nvidia.com/en-us/security/>)
 * [Palo Alto Networks](<https://security.paloaltonetworks.com/>)
 * [Qualcomm](<https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2022-bulletin.html>)
 * [Samba](<https://www.samba.org/samba/history/>)
 * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)
 * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>)
 * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and
 * [VMware](<https://www.vmware.com/security/advisories.html>)

**Source record (thn):**

 * id: THN:6C7E32993558CB9F19CAE15C18522582
 * href: <https://thehackernews.com/2022/08/microsoft-issues-patches-for-121-flaws.html>
 * published: 2022-08-10T06:12:00; modified: 2022-08-11T08:22:02; last seen: 2022-08-11T10:01:52
 * CVSS v3.1: 8.0 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H); CVSS v2: 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C)
 * CVEs: CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, CVE-2022-30134, CVE-2022-30190, CVE-2022-34713, CVE-2022-35743

* * *

**Source record (thn):** last seen 2022-07-29T03:59:30

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild.

The bug in question is [CVE-2022-26138](<https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html>), which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence.

The real-world exploitation follows the release of the hard-coded credentials on Twitter, prompting the Australian software company to prioritize patches to mitigate potential threats targeting the flaw.

"Unsurprisingly, it didn't take long [...] to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks," Rapid7 security researcher Glenn Thorpe [said](<https://www.rapid7.com/blog/post/2022/07/27/active-exploitation-of-atlassians-questions-for-confluence-app-cve-2022-26138/>).

It's worth noting that the bug only exists when the Questions for Confluence app is enabled. That said, uninstalling the Questions for Confluence app does not remediate the flaw, as the created account does not get automatically removed after the app has been uninstalled.

Users of the affected product are advised to update their on-premise instances to the latest versions (2.7.38 and 3.0.5) as soon as possible, or take steps to disable/delete the account.

The development also arrives as Palo Alto Networks, in its [2022 Unit 42 Incident Response Report](<https://www.paloaltonetworks.com/unit42/2022-incident-response-report>), found that threat actors are scanning for vulnerable endpoints within 15 minutes of public disclosure of a new security flaw.
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-29T03:19:00", "type": "thn", "title": "Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-26138"], "modified": "2022-07-29T03:22:24", "id": "THN:49CD77302B5D845459BA34357D9C011C", "href": "https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-02T07:00:49", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiEecCIZ-XaRJ4zcsuHaTxv40ceAY7a-zwUbCwG5pavcIkynNfkEL5b0bk3LuyI1j93_OpxDVhmeq2JIDgf2F5gePc20N6z3BLfb8ACE-Hs8BRt0o_lGbsdvT1pJhsBkfeBjvP-oakItq7nm9H28Bo9TQREhjN8EA14vZTuUU3vCCGPWgZ9DEstAMmf/s728-e100/cisa.jpg>)\n\nThe U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Friday [added](<https://www.cisa.gov/uscert/ncas/current-activity/2022/07/29/cisa-adds-one-known-exploited-vulnerability-catalog>) the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.\n\nThe vulnerability, tracked as [CVE-2022-26138](<https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html>), concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances.\n\n\"A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group,\" CISA [notes](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) in its advisory.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj0HlXLLx13DKw6KdL9aiyLzkfseKk26WHbECW9EuVAK8HemGF60r4yqvMLbBNmg2C7pxYyzORkxlDkvZNDNlX8XiSd69Eafk_2BLHONWx_a48pMVrF_79sQCg0dubLIL_rH6rjdVuD0lmtcPt11KVakdJCUlX6MSu833QUV4IexS8mTDkDoUAvH8HUaA/s728-e100/cisa.jpg>)\n\nDepending on the page restrictions and the information a company has in Confluence, successful exploitation of the shortcoming could lead to the disclosure of sensitive information.\n\nAlthough the bug was addressed by the Australian software company last week in versions 2.7.38 and 3.0.5, it has since come [under active exploitation](<https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html>), cybersecurity firm Rapid7 disclosed this week.\n\n\"Exploitation efforts at this point do not seem to be very widespread, though we expect that to change,\" Erick Galinkin, principal AI researcher at Rapid7, told The Hacker News.\n\n\"The good news is that the vulnerability is in the Questions for Confluence app and _not_ in Confluence itself, which reduces the attack surface significantly.\"\n\nWith the flaw now added to the catalog, Federal 
Civilian Executive Branch (FCEB) in the U.S. are mandated to apply patches by August 19, 2022, to reduce their exposure to cyberattacks.\n\n\"At this point, the vulnerability has been public for a relatively short amount of time,\" Galinkin noted. \"Coupled with the absence of meaningful post-exploitation activity, we don't yet have any threat actors attributed to the attacks.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-30T03:54:00", "type": "thn", "title": "CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-26138"], "modified": "2022-08-02T06:42:46", "id": "THN:908A39F901145B6FD175B16E95137ACC", "href": "https://thehackernews.com/2022/07/cisa-warns-of-atlassian-confluence-hard.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T10:20:50", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjKx6lnebkMoVxrD6i2a9kHJMAK5StxF6UxajtGC-QKg5H7keNnKCBTpf-Bd8WwGeUEEfMG2Ggx08MrkhJWyUl22L9HcF5u4bQjfUVvL0VUOr0pFg3D_XL31sY-zLG7VDiFGPVTewvqYAqdOJK9m6gUKqO6V3YHg5ylRQkhbSZxgEioqOxwvUsuvejm/s728-e365/hackers.jpg>)\n\nGovernment and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named **GoldenJackal**.\n\nRussian cybersecurity firm Kaspersky, which has been [keeping tabs](<https://securelist.com/goldenjackal-apt-group/109677/>) on the group's activities since mid-2020, characterized the adversary as both capable and stealthy.\n\nThe targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across 
systems via removable drives, and conducts surveillance.\n\nGoldenJackal is suspected to have been active for at least four years, although little is known about the group. Kaspersky said it has been unable to determine its origin or affiliation with known threat actors, but the actor's modus operandi suggests an espionage motivation.\n\nWhat's more, the threat actor's attempts to maintain a low profile and disappear into the shadows bears all the hallmarks of a state-sponsored group.\n\nThat said, some tactical overlaps have been observed between the threat actor and [Turla](<https://thehackernews.com/2023/05/us-government-neutralizes-russias-most.html>), one of Russia's [elite nation-state hacking crews](<https://www.wired.com/story/turla-history-russia-fsb-hackers/>). In one instance, a victim machine was infected by Turla and GoldenJackal two months apart.\n\nThe exact initial path employed to breach targeted computers is unknown at this stage, but evidence gathered so far points to the use of trojanized Skype installers and malicious Microsoft Word documents.\n\nWhile the installer serves as a conduit to deliver a .NET-based trojan called JackalControl, the Word files have been observed weaponizing the [Follina vulnerability](<https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html>) ([CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)) to drop the same malware.\n\nJackalControl, as the name indicates, enables the attackers to remotely commandeer the machine, execute arbitrary commands, as well as upload and download from and to the system.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhX4xXiopFD7kY0eMtwKUzmwJ9yEJOldW4unujyer5BqYZeccOBwGgencFn_P38MZTiYFquMCRF-Tq9hIhEX_z6Bx9TsPJeRsdYa-u1HfL4Zg61fkA2fhI9LUcVFR15RcFLUjeJ8LaLYUwCemRwCs3NNZd2s0vIxG8CfsS2UKdhaI06y7bRDpciT7mE/s728-e365/map.jpg>) \n--- \nGeography of victims \n \nSome of the other malware families deployed by GoldenJackal 
are as follows -\n\n * **JackalSteal** \\- An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server.\n * **JackalWorm** \\- A worm that's engineered to infect systems using removable USB drives and install the JackalControl trojan.\n * **JackalPerInfo** \\- A malware that comes with features to harvest system metadata, folder contents, installed applications, and running processes, and credentials stored in web browser databases.\n * **JackalScreenWatcher** \\- A utility to grab screenshots based on a preset time interval and send them to an actor-controlled server.\n\nAnother notable aspect of the threat actor is its reliance on hacked WordPress sites as a relay to forward web requests to the actual command-and-control (C2) server by means of a rogue PHP file injected into the websites.\n\n\"The group is probably trying to reduce its visibility by limiting the number of victims,\" Kaspersky researcher Giampaolo Dedola said. \"Their toolkit seems to be under development \u2013 the number of variants shows that they are still investing in it.\"\n\n \n\n\nFound this article interesting? 
Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-23T15:30:00", "type": "thn", "title": "GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-05-24T06:25:07", "id": "THN:1B983787EB2BA5D0757F1F83458B7ABE", "href": "https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-22T06:04:11", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgn45Ck6vqDFvA2leDePKdPhlDH1ahczKEX1G7NW9CKxteJGkz3l_Dxpmjd1SnrDkHKguss5We9LWuDgnHlJuns2KL7DwAsl-xMBxv1S1VLDsBEjacQCutkUNEQVeTllKkGd_8PyVCTLk6MOVTWU_e_tEHf4dzp7n647bD1HgoUG5tWMG9ax-DFlaWb/s728-e100/russian-hackers.jpg>)\n\nA threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine 
with commodity malware by masquerading as telecom providers, new findings show.\n\nRecorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as [Colibri loader](<https://thehackernews.com/2022/04/us-offers-10-million-bounty-for.html>) and [Warzone RAT](<https://malpedia.caad.fkie.fraunhofer.de/details/win.ave_maria>).\n\nThe attacks are said to be an expansion of the [same campaign](<https://cert.gov.ua/article/405538>) that previously distributed [DCRat](<https://thehackernews.com/2022/05/experts-sound-alarm-on-dcrat-backdoor.html>) (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine.\n\nSandworm is a [destructive Russian threat group](<https://thehackernews.com/2020/10/russian-hackers.html>) that's best known for carrying out attacks such as the 2015 and 2016 targeting of Ukrainian electrical grid and 2017's NotPetya attacks. 
It's confirmed to be Unit 74455 of Russia's GRU military intelligence agency.\n\nThe adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical substations, computers and networking equipment for the third time in Ukraine earlier this April through a [new variant of a piece of malware](<https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html>) known as Industroyer.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjXC-uZjCaOE_yV1Ns_wdImLvY7yyJYACWqNQeg20fPXqv5CKuqxWQe7J6SuIaEJEfGFj1kYATlPbZUZfu1WcJ3BKgFQldFDoa_8Ak0IbRePTyHl5roYnEv5BqaJPBWNSFWwm2IRfiLxEPXIK6b1T9KLchmrOrOYDES07WewyUwSgVt1Ma91-35cy2g/s728-e100/link.jpg>)\n\nRussia's invasion of Ukraine has also had the group unleash numerous other attacks, including [leveraging the Follina vulnerability](<https://thehackernews.com/2022/07/russian-hackers-tricked-ukrainians-with.html>) (CVE-2022-30190) in the Microsoft Windows Support Diagnostic Tool (MSDT) to breach media entities in the Eastern European nation.\n\nIn addition, it was uncovered as the mastermind behind a new modular botnet called [Cyclops Blink](<https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html>) that enslaved internet-connected firewall devices and routers from WatchGuard and ASUS.\n\nThe U.S. 
government, for its part, has announced up to [$10 million in rewards](<https://thehackernews.com/2022/04/us-offers-10-million-bounty-for.html>) for information on six hackers associated with the APT group for participating in malicious cyber activities against critical infrastructure in the country.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhqC088Qg7YBtg3UXFBJalDCP6mVfxKfvjY5yNkkSnaAzijWLnHr-5hw8ZRAGsRo2kw_2ahBrMMxkklXzZZWQwTk1RdkJ62o6UmJjDK99d2kflQJO76hiDcGt0eVnK9HwdB4v6gYy3p6HhbHfT-i8shyoNIyTsvC0moN0M6dNQGjqFBw-pTH9Rg6yvA/s728-e100/hack.jpg>)\n\n\"A transition from DarkCrystal RAT to Colibri Loader and Warzone RAT demonstrates UAC-0113's broadening but continuing use of publicly available commodity malware,\" Recorded Future [said](<https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine>).\n\nThe attacks entail the fraudulent domains hosting a web page purportedly about \"Odesa Regional Military Administration,\" while an encoded ISO image payload is stealthily deployed via a technique referred to as [HTML smuggling](<https://thehackernews.com/2021/11/hackers-increasingly-using-html.html>).\n\nHTML smuggling, as the name goes, is an evasive malware delivery technique that leverages legitimate HTML and JavaScript features to distribute malware and get around conventional security controls.\n\nRecorded Future also said it identified points of similarities with another [HTML dropper attachment](<https://thehackernews.com/2022/07/russian-hackers-using-dropbox-and.html>) put to use by the APT29 threat actor in a campaign aimed at Western diplomatic missions between May and June 2022.\n\nEmbedded within the ISO file, which was created on August 5, 2022, are three files, including an LNK file that tricks the victim into activating the infection sequence, resulting in the deployment of both Colibri loader and Warzone RAT to the target machine.\n\nThe execution of the LNK file also launches an 
innocuous decoy document \u2013 an application for Ukrainian citizens to request for monetary compensation and fuel discounts \u2013 in an attempt to conceal the malicious operations.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-20T12:56:00", "type": "thn", "title": "Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-09-22T06:02:31", "id": "THN:FB2F303221B7A65E2CFAC245F0DD0B47", "href": "https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-14T16:23:01", "description": 
"[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgNo0JIZZ2xVs6xWtBDjG87OxZhnIm24TPPfBsB4b1eUH3h75A9m5-rMQtbJNUn997mhuZ9FVOeso_N8_mbXm7xPWkdN_VN9xEC-jz_XOOnSKdgBn0U32ePvsu7MkJ99eVXjBZrFnXBotJEoO7vu7eUykxbIFN-6PnFuHXb16ZuNxWHY26VBO19rhGB/s728-e100/russian-hackers.jpg>)\n\nFormer members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022.\n\nThe findings, which come from Google's Threat Analysis Group (TAG), builds upon a [prior report](<https://thehackernews.com/2022/07/russian-hackers-tricked-ukrainians-with.html>) published in July 2022 detailing the [continued cyber activity](<https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war/>) aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war.\n\n\"UAC-0098 is a threat actor that historically delivered the [IcedID banking trojan](<https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html>), leading to human-operated ransomware attacks,\" TAG researcher Pierre-Marc Bureau [said](<https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/>) in a report shared with The Hacker News.\n\n\"The attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations.\"\n\nUAC-0098 is believed to have functioned as an initial access broker for ransomware groups such as Quantum and [Conti](<https://thehackernews.com/2022/04/gold-ulrick-hackers-still-in-action.html>) (aka FIN12, Gold Ulrick, or Wizard Spider), the former of which was [subsumed by the latter](<https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html>) in April 
2022.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjwAToWSwhUxNkqZBnap1saOcSptSsRKdR2PCuiQamQfKMMtK9-B7ynmiF-gdlmDCOj8RDPb54wYwMRwiIXBFKTwDGotN-y7Rlc4SLlXv-jQUmbV7_4igIalD1e_sKbpjs6ZZYEUwsTet-4KSgvQpaxTA0AqjnN7-DuVbePjhJNOznNM8ypuas5E4_D/s728-e100/google-malware.jpg>)\n\nOne of the prominent campaigns undertaken by the group in June 2022 entailed the abuse of [Follina vulnerability](<https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html>) (CVE-2022-30190) in the Windows operating system to deploy CrescentImp and Cobalt Strike Beacons on to targeted hosts in media and critical infrastructure entities.\n\nBut this appears to be a part of a series of attacks that commenced way back in late April 2022, when the group conducted an email phishing campaign to deliver [AnchorMail](<https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html>) (aka LackeyBuilder), a variant of the TrickBot group's AnchorDNS implant that uses SMTP for command-and-control.\n\nSubsequent phishing campaigns distributing IcedID and Cobalt Strike have been directed against Ukrainian organizations, repeatedly striking the hospitality sector, some of which impersonated the National Cyber Police of Ukraine or representatives of Elon Musk and StarLink.\n\nAround mid-May, UAC-0098 is also said to have leveraged a compromised account of a hotel in India to send malware-laced attachments to organizations working in the hospitality industry in Ukraine, before expanding to humanitarian NGOs in Italy.\n\nSimilar attacks have also been observed against entities in the technology, retail, and government sectors, with the IcedID binary concealed as a Microsoft update to trigger the infection. Post-exploitation steps carried out following a successful compromise have not been identified.\n\nUAC-0098 is far from the only Conti-affiliated hacking group to set its sights on Ukraine since the onset of the war. 
In July 2022, IBM Security X-Force [disclosed](<https://thehackernews.com/2022/07/trickbot-malware-shifted-its-focus-on.html>) that the TrickBot gang orchestrated six different campaigns to systematically target the country with a plethora of malware.\n\n\"UAC-0098 activities are representative examples of blurring lines between financially motivated and government backed groups in Eastern Europe, illustrating a trend of threat actors changing their targeting to align with regional geopolitical interests,\" Bureau said.\n\n\"The group demonstrates strong interest in breaching businesses operating in the hospitality industry of Ukraine, going as far as launching multiple distinct campaigns against the same hotel chains.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-07T14:42:00", "type": "thn", "title": "Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-09-14T13:52:54", "id": "THN:8C7C0BBCE90D4B2076F46E011BAB609D", "href": "https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-03T09:59:40", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. 
Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, 
including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. 
\n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-01T11:56:12", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiUNLbMQKFGJkk_0MuvTZUsbdZk7Mwzi1ubRnWBoCLxeBkICJ8W6xX9SHPsYas7bLDtqj4wO1lZsmsxuPuAxkocOzNUvBMbOmM2yJIGg2t7CnMv5yAaUiSHpTbdt9nsHappGPYR_oG1nild6RLvcMvaILplweROkw7HFZp7QvCAE_V31Ku-G5wnnnZq/s728-e100/office.jpg>)\n\nAn advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new [zero-day flaw](<https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html>) in Microsoft Office to achieve code execution on affected systems.\n\n\"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique,\" enterprise security firm Proofpoint [said](<https://twitter.com/threatinsight/status/1531688214993555457>) in a tweet.\n\n\"Campaigns impersonate the 'Women Empowerments Desk' of the Central Tibetan Administration and use the domain tibet-gov.web[.]app.\"\n\n[TA413](<https://malpedia.caad.fkie.fraunhofer.de/actor/ta413>) is best known for its campaigns aimed at the Tibetan diaspora to deliver implants such as [Exile RAT](<https://malpedia.caad.fkie.fraunhofer.de/details/win.exilerat>) and 
[Sepulcher](<https://malpedia.caad.fkie.fraunhofer.de/details/win.sepulcher>) as well as a rogue Firefox browser extension dubbed [FriarFox](<https://thehackernews.com/2021/02/chinese-hackers-using-firefox-extension.html>).\n\nThe high-severity security flaw, dubbed Follina and tracked as CVE-2022-30190 (CVSS score: 7.8), relates to a case of remote code execution that abuses the \"ms-msdt:\" protocol URI scheme to execute arbitrary code.\n\nSpecifically, the attack makes it possible for threat actors to circumvent [Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) safeguards for suspicious files by simply changing the document to a Rich Text Format (RTF) file, thereby allowing the injected code to be run without even opening the document via the [Preview Pane](<https://docs.microsoft.com/en-us/windows/powertoys/file-explorer>) in Windows File Explorer.\n\nWhile the bug gained widespread attention last week, evidence points to active exploitation of the diagnostic tool flaw in real-world attacks targeting Russian users over a month ago on April 12, 2022, when it was disclosed to Microsoft.\n\nThe company, however, [did not deem it a security issue](<https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html>) and closed the vulnerability submission report, citing reasons that the MSDT utility requires a [passkey](<https://social.technet.microsoft.com/wiki/contents/articles/30458.windows-10-ctp-how-to-run-microsoft-support-diagnostic-tool.aspx#How_shall_I_get_the_Passkey>) provided by a support technician before it can execute payloads.\n\nThe vulnerability exists in all currently supported Windows versions and can be exploited via Microsoft Office versions Office 2013 through Office 21 and Office Professional Plus editions.\n\n\"This elegant attack is designed to bypass security products and fly under the radar by leveraging Microsoft Office's remote template feature and the 
ms-msdt protocol to execute malicious code, all without the need for macros,\" Malwarebytes' Jerome Segura [noted](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/>).\n\nAlthough there is no official patch available at this point, Microsoft has [recommended](<https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html>) disabling the MSDT URL protocol to prevent the attack vector. Additionally, it's been [advised](<https://twitter.com/wdormann/status/1531259406624620544>) to turn off the Preview Pane in File Explorer.\n\n\"What makes 'Follina' stand out is that this exploit does not take advantage of Office macros and, therefore, it works even in environments where macros have been disabled entirely,\" Nikolas Cemerikic of Immersive Labs said.\n\n\"All that's required for the exploit to take effect is for a user to open and view the Word document, or to view a preview of the document using the Windows Explorer Preview Pane. Since the latter does not require Word to launch fully, this effectively becomes a zero-click attack.\"\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-06-01T06:02:00", "type": "thn", "title": "Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-01T10:00:06", "id": "THN:D9A5562FBD56B3B0FF85376C9BCF0A10", "href": "https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-05T05:59:49", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEijZhKuLa-lQHOTya-LumppJRRe0-K5ZkrokQP6YCJulItM735L7x2VxidGSY3UAUweDYOrlUCjOSZOqKHcBnPJbUkrWJp74sfTiaR4x0D78nMuUhWticD0LtHFKvf1LGsYs6Cb9YnIJTJZwZygzO7MpLe49vP_YZwGnsgl_Jl9cnJRwT5-2Ahq8hf0/s728-e100/rat.jpg>)\n\nAn unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called **Woody RAT** for at least a year as part of a spear-phishing campaign.\n\nThe advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office documents leveraging the now-patched \"Follina\" support diagnostic tool vulnerability ([CVE-2022-30190](<https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html>)) in Windows.\n\nLike other implants engineered for espionage-oriented operations, Woody RAT sports a wide range of features that enables the threat actor to remotely commandeer and steal sensitive information from the infected systems.\n\n\"The earliest versions of this RAT were typically archived into a ZIP file pretending to be a document specific to a Russian group,\" Malwarebytes researchers Ankur Saini and Hossein Jazi 
[said](<https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/>) in a Wednesday report.\n\n\"When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload.\"\n\nIn one instance, the hacking group attempted to strike a Russian aerospace and defense entity known as [OAK](<https://www.uacrussia.ru/en/>) based on evidence gleaned from a fake domain registered for this purpose.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg35LRJ0ayqjEMKo3ADOi7mLoAyI4moDW82GmOQ2AlRyBAr__ZIQMM7vFfzy16TW4_PJDRxTM3MyD7ds52s6eT0XLADE2Hz4UwUUa1dTPqwH82imY_KTeVPstKV8SaH6cUZFOFhzy9sDGaIgyuV67nCpgMjWxG3zJtHwhSLCWzu8TEc3yxib37k2VDO/s728-e100/malware.jpg>)\n\nAttacks leveraging the Windows flaw as part of this campaign first came to light on June 7, 2022, when researchers from the MalwareHunterTeam [disclosed](<https://twitter.com/malwrhunterteam/status/1534184385313923072>) the use of a document named \"\u041f\u0430\u043c\u044f\u0442\u043a\u0430.docx\" (which translates to \"Memo.docx\") to deliver a CSS payload containing the trojan.\n\nThe document purportedly offers best security practices for passwords and confidential information, among others, while acting as a decoy for dropping the backdoor.\n\nBesides encrypting its communications with a remote server, Woody RAT is equipped with capabilities to write arbitrary files to the machine, execute additional malware, delete files, enumerate directories, capture screenshots, and gather a list of running processes.\n\nAlso embedded within the malware are two .NET-based libraries named WoodySharpExecutor and WoodyPowerSession that can be used to run .NET code and PowerShell commands received from the server, respectively.\n\nFurthermore, the malware makes use of the [process hollowing technique](<https://attack.mitre.org/techniques/T1055/012/>) to inject itself into a suspended Notepad process and deletes itself 
from the disk to evade detection from security software installed on the compromised host.\n\nMalwarebytes has yet to attribute the attacks to a specific threat actor, citing lack of solid indicators linking the campaign to a previously known group, although Chinese and North Korean nation-state collectives have targeted Russia in the past.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-04T12:55:00", "type": "thn", "title": "New Woody RAT Malware Being Used to Target Russian Organizations", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-08-05T05:42:05", "id": "THN:DFB68B1B6C2EFBB410EB54D83320B71C", "href": "https://thehackernews.com/2022/08/new-woody-rat-malware-being-used-to.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-07T15:35:06", 
"description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjWMKOvweSFs-6_yTKhS8Ei2IBg2vcJuX9wiigmwmv2hOkJWeIzjBRPZIGuCENyJ3ZhGbdw4r7S79Z_QdBYo0oVXNm1oL_JGsK3zHlILQmiu3OHiuBKqzhrFWj-vyyCk813l8T4dSdgnOz-c05mTwyfEA0pwW8cRr31kStWCgi_TDxMXnmMfDgheC7X/s728-e100/windows.jpg>)\n\nA suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office \"Follina\" vulnerability to target government entities in Europe and the U.S.\n\nEnterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as [CVE-2022-30190](<https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html>) (CVSS score: 7.8). No less than 1,000 phishing messages containing a lure document were sent to the targets.\n\n\"This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253,\" the company [said](<https://twitter.com/threatinsight/status/1532830739208732673>) in a series of tweets.\n\nThe payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named \"seller-notification[.]live.\"\n\n\"This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil[tration] to 45.77.156[.]179,\" the company added.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiF_m7_KsHBbfl6j9PPTd8t5DZ4_iAR6cG5PWwiqwiHn_YkdsXkjr3qRPs83Oje0Y5pqaKc2zav2Crnq-KH0HGQpBeKMWZaR8dtf2akXuHmO8cwk7tpkBX5uKcHjq5az14xOsPTCFUi71Lo2E4DebsFoKvV-d0ML_UZr_ap7hkNoBGdGo3Q4L6VVWgs/s728-e100/hacking.jpg>)\n\nThe phishing campaign has not been linked to a previously known group, but said it was mounted by a nation-state actor based on the specificity of the targeting and the PowerShell payload's wide-ranging reconnaissance 
capabilities.\n\nThe development follows [active exploitation attempts](<https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html>) by a Chinese threat actor tracked as TA413 to deliver weaponized ZIP archives with malware-rigged Microsoft Word documents.\n\nThe Follina vulnerability, which leverages the \"ms-msdt:\" protocol URI scheme to remotely take control of target devices, remains unpatched, with Microsoft urging customers to [disable the protocol](<https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html>) to prevent the attack vector.\n\nIn the absence of a security update, 0patch has released an [unofficial fix](<https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html>) to block ongoing attacks against Windows systems that target the Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability.\n\n\"It doesn't matter which version of Office you have installed, or if you have Office installed at all: the vulnerability could also be exploited through [other attack vectors](<https://twitter.com/0xBacco/status/1531599168363548672>),\" 0patch's Mitja Kolsek said.\n\n\"Proofpoint continues to see targeted attacks leveraging CVE-2022-30190,\" Sherrod DeGrippo, vice president of threat research, said in a statement shared with The Hacker News.\n\n\"The extensive reconnaissance conducted by the second PowerShell script demonstrates an actor interested in a large variety of software on a target's computer. This, coupled with the tight targeting of European government and local U.S. governments, led us to suspect this campaign has a state aligned nexus.\"\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-06T02:54:00", "type": "thn", "title": "State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-07T12:27:16", "id": "THN:21FC29F7D7C7E2DA7D2F19E89085FD55", "href": "https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cisco": [{"lastseen": "2023-12-03T16:51:20", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.\n\nFor more information about these vulnerabilities, see the Details [\"#ds\"] section of this 
advisory.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR\"]", "cvss3": {}, "published": "2022-08-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20827", "CVE-2022-20841", "CVE-2022-20842"], "modified": "2022-08-03T16:00:00", "id": "CISCO-SA-SB-MULT-VULN-CBVP4SUR", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR", "cvss": {"score": 9.0, "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "almalinux": [{"lastseen": "2023-12-03T17:28:41", "description": "The fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T00:00:00", "type": "almalinux", "title": "Moderate: fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-12T02:42:05", "id": "ALSA-2023:2487", "href": "https://errata.almalinux.org/9/ALSA-2023-2487.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2023-11-20T19:22:28", "description": "[1.8.10-2.0.1]\n- Drop pesign.service restart in postun [Orabug: 34760075]\n- Update signing certificate [JIRA: OLDIS-16371]\n- Rebuild for SecureBoot signatures [Orabug: 33801813]\n- Build with the updated Oracle certificate\n- Use oraclesecureboot301 as certdir [Orabug: 29881368]\n- Use new signing certificate (Alex Burmashev)\n- Update SBAT data to include Oracle [Oracle: 33072886]\n[1.8.10-2]\n- Rebuild because distrobaker did entirely the wrong thing.\n- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384\n[1.8.10-1]\n- Rebase to latest upstream release to fix multiple ESP detection problems\n- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384\n[1.7.10-1]\n- New upstream release\n- Resolves: rhbz#2129280\n[1.7.9-2]\n- Include the new dbx updates on the filesystem; clients typically do not have LVFS enabled.\n- Resolves: 
rhbz#2120708\n[1.7.8-1]\n- New upstream release\n- Resolves: rhbz#2059075\n[1.7.4-3]\n- Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c\n which lives in AppStream, not BaseOS.\n- Use the efi_vendor variable from EFI-RPM\n- Resolves: rhbz#2064904\n[1.7.4-1]\n- New upstream release\n- Backport Fedora 34 changes\n- Include support for Lenovo TBT4 Docking stations\n- Do not cause systemd-modules-load failures\n- Build against a new enough pesign\n- Resolves: rhbz#2007520\n[1.7.1-1]\n- New upstream release\n- Backport Fedora 34 changes\n- Include support for Dell TBT4 Docking stations\n- Resolves: rhbz#1974347\n- Resolves: rhbz#1991426\n[1.5.9-4]\n- Rebuilt to use redhatsecureboot503 signatures\n- Undo last Fedora sync to use the RHEL-specific patches\n- Resolves: rhbz#2007520\n[1.5.9-3]\n- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags\n Related: rhbz#1991688\n[1.5.9-2]\n- Rebuilt for RHEL 9 BETA for openssl 3.0\n Related: rhbz#1971065\n[1.5.9-1]\n- Rebase to include the SBAT metadata section to allow fixing BootHole\n- Resolves: rhbz#1951030\n[1.5.5-4]\n- Rebuilt for RHEL 9 BETA on Apr 15th 2021. 
Related: rhbz#1947937\n[1.5.5-3]\n- Backport a patch from master to drop the python3-pillow dep\n- Resolves: rhbz#1935838", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-15T00:00:00", "type": "oraclelinux", "title": "fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-15T00:00:00", "id": "ELSA-2023-2487", "href": "http://linux.oracle.com/errata/ELSA-2023-2487.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "mskb": [{"lastseen": "2023-11-28T11:08:26", "description": "None\n**NOTE** Improved diagnostics have been added to detect and report issue details through the event log. 
Please see [KB5016061: Addressing vulnerable and revoked Boot Managers](<https://support.microsoft.com/help/5016061>) for more information.\n\n## **Applies to**\n\nThis security update applies only to the following Windows versions:\n\n * Windows Server 2012\n * Windows 8.1 and Windows Server 2012 R2\n * Windows 10, version 1507\n * Windows 10, version 1607 and Windows Server 2016\n * Windows 10, version 1809 and Windows Server 2019\n * Windows 10, version 20H2\n * Windows 10, version 21H1\n * Windows 10, version 21H2\n * Windows 10, version 22H2\n * Windows Server 2022\n * Windows 11, version 21H2\n * Windows 11, version 22H2\n * Azure Stack HCI, version 1809\n * Azure Stack Data Box, version 1809 (ASDB)\n\n## **Summary**\n\nThis security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the \"Applies to\" section. Key changes include the following: \n\n * Windows devices that have Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX. \n \nA security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software. 
\n \nThis security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.\nTo learn more about this security vulnerability, see the following advisory:\n * [ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB](<https://msrc.microsoft.com/update-guide/vulnerability/ADV200011>)\nFor additional information about this security vulnerability, see the following resources: \n * [CVE-2022-34301 | Eurosoft Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34301>)\n * [CVE-2022-34302 | New Horizon Data Systems Inc Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34302>)\n * [CVE-2022-34303 | Crypto Pro Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34303>)\n\n## **Known issues**\n\n**Issue**| **Next step** \n---|--- \nIf BitLocker Group Policy **Configure TPM platform validation profile for native UEFI firmware configurations** is enabled and PCR7 is selected by policy, it may result in the update failing to install. To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.| To work around this issue, do one of the following before you deploy this update:\n\n * On a device that does not have Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle:`\n \n \rManage-bde -Protectors -Disable C: -RebootCount 1\n\n`Then, deploy the update and restart the device to resume the BitLocker protection.\n * On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles:`\n \n \rManage-bde -Protectors -Disable C: -RebootCount 3\n\n`Then, deploy the update and restart the device to resume the BitLocker protection. 
\nWhen attempting to install this update, it might fail to install, and you might receive Error 0x800f0922.**Note** This issue only affects this security update for Secure Boot DBX (KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security-only updates.| To resolve this issue, install the Servicing Stack Update (SSU) released March 14, 2023, or a later SSU update, for your supported Windows operating system:\n\n * Windows 11, version 22H2 SSU (SSU installed from cumulative update [KB5023706](<https://support.microsoft.com/help/5023706>))\n * Windows 11, version 21H2 SSU (SSU installed from cumulative update [KB5023698](<https://support.microsoft.com/help/5023698>))\n * Windows Server 2022 SSU (SSU installed from cumulative update [KB5023705](<https://support.microsoft.com/help/5023705>))\n * Windows 10, version 20H2, 21H2, and 22H2 SSU (SSU installed from cumulative update [KB5023696](<https://support.microsoft.com/help/5023696>))\n * Windows 10, version 1809/Windows Server 2019 (SSU installed from cumulative update [KB5023702](<https://support.microsoft.com/help/5023702>))\n * Windows Server 2016 SSU [KB5023788](<https://support.microsoft.com/help/5023788>)\n * Windows 10 SSU [KB5023787](<https://support.microsoft.com/help/5023787>)\n * Windows Server 2012 R2 SSU [KB5023790](<https://support.microsoft.com/help/5023790>)\n * Windows Server 2012 SSU [KB5023791](<https://support.microsoft.com/help/5023791>)\nFor information about the new error events added by these SSU updates and actions to take when an error occurs, see [KB5016061](<https://support.microsoft.com/help/5016061>). \nSome devices might enter BitLocker Recovery on the first or second restart after attempting to install this update on Windows 11.| This issue is addressed in the servicing stack updates (SSU) and the latest cumulative updates (LCU) dated July 12, 2022 and later. 
\n \n## **How to get this update**\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5012170>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, version 1903 and later, Windows 11, Azure Stack HCI, Azure Data Box. **Classification**: Security Updates \n**Prerequisites** Make sure you have the latest servicing stack update (SSU) installed. For information about the latest SSU for your operating system, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001>). **Restart information** Your device does not have to restart when you apply this update. If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device might request a restart. **Update replacement information** This update replaces previously released update [KB4535680](<https://support.microsoft.com/help/4535680>).\n\n## **File information**\n\nThe English (United States) version of this security update installs files that have the attributes that are listed in the following tables. 
\n\n### **Azure Stack HCI, version 1809**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jul-2022| 18:12| 3 \ndbxupdate.bin| Not versioned| 13-Jul-2022| 18:12| 13,778 \nTpmTasks.dll| 10.0.17784.2602| 20-Jul-2022| 21:53| 114,688 \n \n### **Azure Stack Data Box, version 1809**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File version** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jun-2022| 21:46| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:50| 6,002 \nTpmTasks.dll| 10.0.17763.10933| 20-Jul-2022| 21:13| 84,992 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jul-2022| 18:07| 3 \ndbxupdate.bin| Not versioned| 13-Jul-2022| 18:07| 13,778 \nTpmTasks.dll| 10.0.17763.10933| 20-Jul-2022| 21:32| 110,592 \n \n### **Windows 11, version 22H2**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 16-Jun-2022| 19:56| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:18| 13,778 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 21:05| 296,960 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 11, version 21H2**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 
11-Jul-2022| 18:06| 13,778 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:34| 323,584 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:04| 4,370 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:50| 313,856 \n \n### **Windows Server 2022**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:06| 13,778 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:34| 323,584 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:04| 4,370 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:50| 313,856 \n \n### **Windows 10, version 22H2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Dec-21| 18:29| 3 \ndbxupdate.bin| Not versioned| 21-Jul-22| 0:24| 6,002 \nTpmTasks.dll| 10.0.14393.5285| 21-Jul-22| 0:25| 59,904 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Sep-21| 13:17| 3 \ndbxupdate.bin| Not versioned| 21-Jul-22| 1:38| 13,778 \nTpmTasks.dll| 10.0.14393.5285| 21-Jul-22| 1:42| 72,192 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 
\nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 10, version 20H2, 21H1, and 21H2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:16| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 6,002 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:38| 242,688 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 16-Jun-2022| 19:56| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:18| 13,778 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 21:05| 296,960 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 10, version 1809 and Windows Server 2019**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 27-Jun-2022| 17:57| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:47| 6,002 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:36| 84,992 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 24-May-2022| 12:34| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:50| 13,778 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:40| 110,592 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 24-May-2022| 12:33| 3 \ndbxupdate.bin| Not 
versioned| 11-Jul-2022| 17:49| 4,370 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:30| 115,712 \n \n### **Windows 10, version 1607 and Windows Server 2016**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Dec-2021| 18:29| 3 \ndbxupdate.bin| Not versioned| 12-Jul-2022| 20:44| 6,002 \nTpmTasks.dll| 10.0.14393.5281| 12-Jul-2022| 20:44| 59,904 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Sep-2021| 13:17| 3 \ndbxupdate.bin| Not versioned| 14-Jul-2022| 2:15| 13,778 \nTpmTasks.dll| 10.0.14393.5281| 14-Jul-2022| 2:17| 72,192 \n \n### **Windows 10, version 1507**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:41| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:41| 6,002 \nTpmTasks.dll| 10.0.10240.19297| 2-May-2022| 16:52| 46,080 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:41| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:41| 13,778 \nTpmTasks.dll| 10.0.10240.19297| 2-May-2022| 16:56| 56,320 \n \n### **Windows 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 28-Oct-2021| 12:35| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:51| 6,002 \nTpmTasks.dll| 6.3.9600.20512| 11-Jul-2022| 20:50| 152,576 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- 
\ndbupdate.bin| Not versioned| 1-Jan-2022| 0:00| 3 \ndbxupdate.bin| Not versioned| 12-Jul-2022| 12:36| 13,778 \nTpmTasks.dll| 6.3.9600.20512| 12-Jul-2022| 14:57| 181,760 \n \n### \n\n__\n\nFor all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 14-Oct-2021| 18:42| 3 \ndbxupdate.bin| Not versioned| 7-Jun-2022| 12:03| 7,085 \nTpmTasks.dll| 6.3.9600.20512| 11-Jul-2022| 20:38| 137,216 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:14| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:14| 6,002 \nTpmTasks.dll| 6.2.9200.23709| 21-Apr-2022| 12:26| 81,408 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 17-Jun-2022| 18:01| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:07| 13,778 \nTpmTasks.dll| 6.2.9200.23709| 21-Apr-2022| 12:45| 99,328 \n \n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-14T00:00:00", "type": "mskb", "title": "KB5012170: Security update for Secure Boot DBX", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0689", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-03-14T00:00:00", "id": "KB5012170", "href": "https://support.microsoft.com/en-us/help/5012170", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T09:56:26", "description": "None\n**NEW 8/26/22****IMPORTANT **Microsoft released [KB5012170](<http://support.microsoft.com/help/5012170>) on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database (DBX). This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers must install this update regardless of whether BitLocker is enabled or supported on your device. After you install the update, you might receive error \u201c0x800f0922\u201d; see [Update might fail to install and you might receive a 0x800f0922 error](<https://docs.microsoft.com/windows/release-health/status-windows-11-21h2#2883msgdesc>). After you install the update, your device might start up in [BitLocker recovery mode](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383583\\(v=ws.11\\)>). 
See [Some devices might start up into BitLocker Recovery](<https://docs.microsoft.com/windows/release-health/status-windows-11-21h2#some-devices-might-start-up-into-bitlocker-recovery>) and [Finding your BitLocker recovery key in Windows](<https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6>).\n\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows Server 2022, see its update history page. **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5015879 (released July 19, 2022) and also addresses the following issues: \n\n * Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later. 
This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>) and the [August 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>)\n\n### Windows 10 servicing stack update - 20348.850\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box that requires the user to respond before continuing or interacting with other portions of the webpage or app. **Developer Note** Sites affected by this issue call **window.focus**.| This issue is addressed in KB5016693. \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017381. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. 
This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5016627>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5016627](<https://download.microsoft.com/download/c/9/0/c903a6e1-fbe7-4978-8482-9d4c9cd3b5cc/5016627.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.850](<https://download.microsoft.com/download/9/9/1/9916b98e-3f4e-42ff-8be5-1647dbbe0037/SSU_version_20348_850.csv>). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-11T00:00:00", "type": "mskb", "title": "August 9, 2022\u2014KB5016627 (OS Build 20348.887)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34711", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-34715", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", 
"CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35820", "CVE-2022-35822"], "modified": "2022-09-11T00:00:00", "id": "KB5016627", "href": "https://support.microsoft.com/en-us/help/5016627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T09:56:26", "description": "None\n**NEW 8/26/22****IMPORTANT **Microsoft released [KB5012170](<http://support.microsoft.com/help/5012170>) on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database (DBX). This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers must install this update regardless of whether BitLocker is enabled or supported on your device. After you install the update, you might receive error \u201c0x800f0922\u201d; see [Update might fail to install and you might receive a 0x800f0922 error](<https://docs.microsoft.com/windows/release-health/status-windows-11-21h2#2883msgdesc>). After you install the update, your device might start up in [BitLocker recovery mode](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383583\\(v=ws.11\\)>). See [Some devices might start up into BitLocker Recovery](<https://docs.microsoft.com/windows/release-health/status-windows-11-21h2#some-devices-might-start-up-into-bitlocker-recovery>) and [Finding your BitLocker recovery key in Windows](<https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6>).\n\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). 
For an overview of Windows 11 (original release), see its update history page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard. \n\n\n\n## Highlights \n\n * Addresses a known issue that might prevent some of you from opening the Start menu.\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5015882 (released July 21, 2022) and also addresses the following issues: \n\n * Addresses a known issue that might prevent some of you from opening the Start menu. On the affected devices, clicking or tapping the Start button or using the Windows keyboard shortcut might have no effect.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [August 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>).\n\n### Windows 11 servicing stack update - 22000.826\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Applies to**| **Symptom**| **Workaround** \n---|---|--- \nIT admins| After installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box that requires the user to respond before continuing or interacting with other portions of the webpage or app. **Developer Note** Sites affected by this issue call **window.focus**.| This issue is addressed in KB5016691. 
If you do not want to install this update, see the instructions below.This issue is resolved using [Known Issue Rollback (KIR)](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831>). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policy, please see [How to use Group Policy to deploy a Known Issue Rollback](<https://docs.microsoft.com/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback>).Group Policy downloads with Group Policy name:\n\n * [Download for Windows 11](<https://download.microsoft.com/download/5/e/3/5e356255-fd5f-47b4-b10d-267cbfc24e63/Windows%2011%20\\(original%20release\\)%20KB5014019%20220624_22553%20Known%20Issue%20Rollback.msi>) \\- Windows 11 (original release) KB5014019 220624_22553 Known Issue Rollback\n**Important** You will need to **install **and **configure** the Group Policy for your version of Windows to resolve this issue. \nIT admins| After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, \"This page cannot be displayed\" within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. 
When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.This issue does not affect most home users. The [XPS Viewer is no longer installed by default as of Windows 10, version 1803](<https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features>) and [must be manually installed](<https://docs.microsoft.com/windows/application-management/add-apps-and-features>).| This issue is addressed in KB5017383. \nAll users| Starting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017383. \n \n## How to get this update\n\n**Before installing this update**Microsoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. 
This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5016629>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 11**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5016629](<https://download.microsoft.com/download/9/0/4/904f3b7d-8fdb-4582-9421-0b75c1fd1dba/5016629.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 22000.826](<https://download.microsoft.com/download/5/d/6/5d6bad3d-8606-435d-914a-6d4f78f8bd0c/SSU_version_22000_826.csv>). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-11T00:00:00", "type": "mskb", "title": "August 9, 2022\u2014KB5016629 (OS Build 22000.856)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133", "CVE-2022-30144", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34711", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", 
"CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35797", "CVE-2022-35804", "CVE-2022-35820", "CVE-2022-35822"], "modified": "2022-09-11T00:00:00", "id": "KB5016629", "href": "https://support.microsoft.com/en-us/help/5016629", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-12-03T16:41:04", "description": "The fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T05:12:08", "type": "redhat", "title": "(RHSA-2023:2487) Moderate: fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 
4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-09T06:03:15", "id": "RHSA-2023:2487", "href": "https://access.redhat.com/errata/RHSA-2023:2487", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2023-12-03T21:50:44", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190", "CVE-2022-34713"], "modified": "2022-08-10T07:00:00", "id": "MS:CVE-2022-34713", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T21:50:44", "description": "", "cvss3": {"exploitabilityScore": 3.9, 
"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34715"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-34715", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34715", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:36", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Microsoft Exchange Server Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30134"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-30134", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30134", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T21:50:49", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-05T07:00:00", "type": "mscve", "title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33649"], "modified": "2022-08-05T07:00:00", "id": "MS:CVE-2022-33649", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33649", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:36", "description": "", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34302"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-34302", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34302", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:34", "description": "", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35766"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-35766", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35766", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:43", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35744"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-35744", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35744", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:46", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Active Directory Domain Services Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34691"], "modified": "2022-08-30T07:00:00", "id": "MS:CVE-2022-34691", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34691", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:38", "description": "", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": 
"HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34303"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-34303", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34303", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:33", "description": "", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35794"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-35794", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35794", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-05T07:00:00", "type": "mscve", "title": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33636"], "modified": "2022-08-05T07:00:00", "id": "MS:CVE-2022-33636", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33636", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:38", "description": "", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34301"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-34301", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34301", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:37", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "SMB Client and Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35804"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-35804", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-05T07:00:00", "type": "mscve", "title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35796"], "modified": "2022-08-05T07:00:00", "id": "MS:CVE-2022-35796", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35796", "cvss": {"score": 5.1, "vector": 
"AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:34", "description": "", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35793"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-35793", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35793", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:48", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Protocol (PPP) Remote Code 
Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-30133", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:41", "description": "", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35755"], "modified": "2022-08-09T07:00:00", 
"id": "MS:CVE-2022-35755", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35755", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:47", "description": "", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Azure Batch Node Agent Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33646"], "modified": "2023-03-29T07:00:00", "id": "MS:CVE-2022-33646", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33646", "cvss": {"score": 3.5, "vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:56", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22047", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22047", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T21:51:05", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. 
Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:48", "type": "mscve", "title": "Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:51:17", "description": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. 
The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user\u2019s rights.\n\nPlease see the [MSRC Blog Entry](<https://aka.ms/CVE-2022-30190-Guidance>) for important information about steps you can take to protect your system from this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-30T07:00:00", "type": "mscve", "title": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-14T07:00:00", "id": "MS:CVE-2022-30190", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2022-08-10T00:01:26", "description": "**Microsoft** today released updates to fix a record 141 security vulnerabilities in its **Windows** operating systems and related software. 
Once again, Microsoft is patching a zero-day vulnerability in the **Microsoft Support Diagnostics Tool** (MSDT), a service built into Windows. Redmond also addressed multiple flaws in **Exchange Server** -- including one that was disclosed publicly prior to today -- and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.\n\n\n\nIn June, Microsoft patched a vulnerability in MSDT dubbed "**Follina**" that had been [used in active attacks for at least three months prior](<https://krebsonsecurity.com/2022/06/microsoft-patch-tuesday-june-2022-edition/>). This latest MSDT bug -- [CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) -- is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as [CVE-2022-35743](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743>).\n\nThe publicly disclosed Exchange flaw is [CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>), which is an information disclosure weakness. Microsoft also released fixes for three other Exchange flaws that rated a "critical" label, meaning they could be exploited remotely to compromise the system and with no help from users. Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended protection on Exchange Servers. See [Microsoft's blog post on the Exchange Server updates](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>) for more details.\n\n"If your organization runs local exchange servers, this trio of CVEs warrant an urgent patch," said **Kevin Breen**, director of cyber threat research for **Immerse Labs**. 
"Exchanges can be treasure troves of information, making them valuable targets for attackers. With [CVE-2022-24477](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477>), for example, an attacker can gain initial access to a user's host and could take over the mailboxes for all exchange users, sending and reading emails and documents. For attackers focused on Business Email Compromise this kind of vulnerability can be extremely damaging."\n\nThe other two critical Exchange bugs are tracked as [CVE-2022-24516](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516>) and [CVE-2022-21980](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980>). It's difficult to believe it's only been a little more than a year since [malicious hackers worldwide pounced on a bevy of zero-day Exchange vulnerabilities](<https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/>) to remotely compromise the email systems for hundreds of thousands of organizations running Exchange Server locally for email. That lingering catastrophe is reminder enough that critical Exchange bugs deserve immediate attention.\n\nThe **SANS Internet Storm Center**'s [rundown on Patch Tuesday](<https://isc.sans.edu/forums/diary/Microsoft%20August%202022%20Patch%20Tuesday/28924/>) warns that a critical remote code execution bug in the Windows Point-to-Point Protocol ([CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>)) could become "wormable" -- a threat capable of spreading across a network without any user interaction.\n\n"Another critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services ([CVE-2022-34691](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34691>))," SANS wrote. 
"According to the advisory, 'An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.' A system is vulnerable only if Active Directory Certificate Services is running on the domain. **The CVSS for this vulnerability is 8.8**."\n\nBreen highlighted a set of four vulnerabilities in **Visual Studio** that earned Microsoft's less-dire "important" rating but that nevertheless could be vitally important for the security of developer systems.\n\n"Developers are empowered with access to API keys and deployment pipelines that, if compromised, could be significantly damaging to organizations," he said. "So it\u2019s no surprise they are often targeted by more advanced attackers. Patches for their tools should not be overlooked. We\u2019re seeing a continued trend of supply-chain compromise too, making it vital that we ensure developers, and their tools, are kept up-to-date with the same rigor we apply to standard updates."\n\n**Greg Wiseman**, product manager at **Rapid7**, pointed to an interesting bug Microsoft patched in **Windows Hello**, the biometric authentication mechanism for Windows 10. Microsoft notes that the successful exploitation of the weakness requires physical access to the target device, but would allow an attacker to bypass a facial recognition check.\n\nWiseman said despite the record number of vulnerability fixes from Redmond this month, the numbers are slightly less dire.\n\n"20 CVEs affect their **Chromium-based Edge** browser and 34 affect **Azure Site Recovery** (up from 32 CVEs affecting that product last month)," Wiseman wrote. 
"As usual, OS-level updates will address a lot of these, but note that some extra configuration is required to fully protect Exchange Server this month."\n\nAs it often does on Patch Tuesday, **Adobe** has also released security updates for many of its products, including **Acrobat** and **Reader**, **Adobe Commerce** and **Magento Open Source**. More details [here](<https://helpx.adobe.com/security.html>).\n\nPlease consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T23:01:10", "type": "krebs", "title": "Microsoft Patch Tuesday, August 2022 Edition", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-21980", "CVE-2022-24477", "CVE-2022-24516", "CVE-2022-30133", "CVE-2022-30134", "CVE-2022-34691", "CVE-2022-34713", "CVE-2022-35743"], "modified": "2022-08-09T23:01:10", "id": "KREBS:E877FCDD28FB558BB4B6AFF240F30EA8", "href": "https://krebsonsecurity.com/2022/08/microsoft-patch-tuesday-august-2022-edition/", "cvss": {"score": 0.0, "vector": "NONE"}}], "talosblog": [{"lastseen": "2022-08-10T16:58:32", "description": "_By Jon Munshaw and Vanja Svajcer._\n\nMicrosoft released 
its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday [in four months](<https://blog.talosintelligence.com/2022/04/microsoft-patch-tuesday-includes-most.html>). \n\nThis batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that\u2019s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called [\u201cFollina\u201d zero-day vulnerability](<https://blog.talosintelligence.com/2022/06/msdt-follina-coverage.html>) in June. \n\nIn all, August\u2019s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder are classified as \u201cimportant.\u201d \n\nTwo of the important vulnerabilities, [CVE-2022-35743](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35743>) and [CVE-2022-34713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713>), are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild, and Microsoft considers it \u201cmore likely\u201d to be exploited. \n\nMicrosoft Exchange Server contains two critical elevation of privilege vulnerabilities, [CVE-2022-21980](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21980>) and [CVE-2022-24477](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24477>). An attacker could exploit these vulnerabilities by tricking a target into visiting a malicious, attacker-hosted server or website. In addition to applying the patch released today, potentially affected users should enable Extended Protection on vulnerable versions of the server. \n\nThe Windows Point-to-Point Tunneling Protocol is also vulnerable to three critical vulnerabilities. 
Two of them, [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35744>) and [CVE-2022-30133](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133>), could allow an attacker to execute remote code on an RAS server machine. The other, [CVE-2022-35747](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35747>), could lead to a denial-of-service condition. CVE-2022-35744 has a CVSS severity score of 9.8 out of 10, one of the highest-rated vulnerabilities this month. An attacker could exploit these vulnerabilities by communicating via Port 1723. Affected users can render these issues unexploitable by blocking that port, though it runs the risk of disrupting other legitimate communications. \n\nAnother critical code execution vulnerability, [CVE-2022-35804](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35804>), affects the SMB Client and Server and the way the protocol handles specific requests. An attacker could exploit this on the SMB Client by configuring a malicious SMBv3 server and tricking a user into connecting to it through a phishing link. It could also be exploited in the Server by sending specially crafted packets to the server. \n\nMicrosoft recommended that users block access to Port 445 to protect against the exploitation of CVE-2022-35804. However, only certain versions of Windows 11 are vulnerable to this issue. 
\n\nTalos would also like to highlight eight important vulnerabilities that Microsoft considers to be \u201cmore likely\u201d to be exploited: \n\n * [CVE-2022-34699](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34699>): Win32k elevation of privilege vulnerability \n * [CVE-2022-35748](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35748>): HTTP.sys denial-of-service vulnerability \n * [CVE-2022-35750](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35750>): Win32k elevation of privilege vulnerability \n * [CVE-2022-35751](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35751>): Windows Hyper-V elevation of privilege vulnerability \n * [CVE-2022-35755](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35755>): Windows print spooler elevation of privilege vulnerability \n * [CVE-2022-35756](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35756>): Windows Kerberos elevation of privilege vulnerability \n * [CVE-2022-35761](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35761>): Windows Kernel elevation of privilege vulnerability \n * [CVE-2022-35793](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35793>): Windows Print Spooler elevation of privilege vulnerability \n\nA complete list of all the vulnerabilities Microsoft disclosed this month is available on its [update page](<https://portal.msrc.microsoft.com/en-us/security-guidance>). \n\nIn response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. 
Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n\nThe rules included in this release that protect against the exploitation of many of these vulnerabilities are 60371 - 60380, 60382 - 60384, 60386 and 60387. There are also Snort 3 rules 300233 - 300239.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:44:00", "type": "talosblog", "title": "Microsoft Patch Tuesday for August 2022 \u2014 Snort rules and prominent vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-21980", "CVE-2022-24477", "CVE-2022-30133", "CVE-2022-34699", "CVE-2022-34713", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35761", "CVE-2022-35793", "CVE-2022-35804"], "modified": "2022-08-10T15:09:15", "id": "TALOSBLOG:E9524F807CE78585C607B458809D0AD7", "href": "http://blog.talosintelligence.com/2022/08/microsoft-patch-tuesday-for-august-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-04T19:59:46", "description": "_By Jon Munshaw. _\n\nWelcome to this week\u2019s edition of the Threat Source newsletter. 
\n\n \n\n\nAfter what seems like forever and honestly has been a really long time, we\u2019re heading back to BlackHat in-person this year. We\u2019re excited to see a lot of old friends again to commiserate, hang out, trade stories and generally talk about security. \n\n \n\n\nThroughout the two days of the main conference, we\u2019ll have a full suite of flash talks at the Cisco Secure booth and several sponsored talks. Since this is the last edition of the newsletter before BlackHat starts, it\u2019s probably worthwhile running through all the cool stuff we\u2019ll have going on at Hacker Summer Camp. \n\n \n\n\nOur [booth should be easy enough to find](<https://www.expocad.com/host/fx/ubm/22bhusa/exfx.html>) \u2014 it\u2019s right by the main entrance to Bayside B. If you get to the Trellix Lounge, you\u2019ve gone too far north. Our researchers will be there to answer any questions you have and present on a wide variety of security topics, from research into Adobe vulnerabilities to the privacy effects of the overturn of Roe vs. Wade. Attendees who watch a lightning talk can grab a never-before-seen [Snort 3](<https://snort.org/snort3>)-themed Snorty and our malware mascot stickers, which were a [big hit at Cisco Live this year](<https://twitter.com/TalosSecurity/status/1536821931097305088>). \n\n \n\n\nWe\u2019ll also be over at the Career Center if you want to [come work with us](<https://talosintelligence.com/careers>). Or even if you don\u2019t, word on the street is there\u2019ll be silver and gold Snortys there. And on Thursday the 11th between 10 a.m. and noon local time a Talos hiring manager will be on site reviewing resumes and taking questions. \n\n \n\n\nIf you want more in-depth talks, we\u2019ll have five sponsored sessions between the 10th and 11th. 
If you want the latest schedule and location on those talks, be sure to [follow us on Twitter](<https://twitter.com/TalosSecurity>) or check out Cisco\u2019s BlackHat event page [here](<https://www.cisco.com/c/en/us/products/security/black-hat-usa.html>). Our sponsored talks cover Talos\u2019 latest work in Ukraine, the growing threat of business email compromise and current trends from state-sponsored actors. Make sure to catch all five of them. \n\n \n\n\nAnd if you liked our speakeasy at Cisco Live, you'll love the next secret we have in store at the BlackHat booth. Swing by and ask us about it. \n\n \n\n\nFor anyone sticking around for DEF CON, we\u2019ll also have a presence there with Blue Team Village. Drop any questions in the [Blue Team Village Discord](<https://www.blueteamvillage.org/>) for us, and be sure to attend the BTV Pool Party on Aug. 12 from 8 \u2013 11 p.m. local time. \n\n \n\n\nTo stay up to date on all things Talos at both conferences, be sure to follow us on social media. - \n\n\n \n\n## The one big thing \n\n> \n\n\nCisco Talos recently discovered [a new attack framework called \"Manjusaka\"](<https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html>) being used in the wild that could be the next evolution of Cobalt Strike \u2014 and is even advertised as so. This framework is advertised as an imitation of the Cobalt Strike framework. Although we haven't observed widespread usage of this framework in the wild, it has the potential to be adopted by threat actors all over the world. \n\n\n> ### Why do I care? \n> \n> Our researchers discovered a fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, that\u2019s freely available and can generate new implants with custom configurations with ease. This increases the likelihood of wider adoption of this framework by malicious actors. 
If you\u2019re a defender of any kind, you want to stay up on the latest tools attackers are likely to use. And since Cobalt Strike is already one of the most widely used out there, it\u2019s safe to assume any evolution of it is going to draw some interest. \n> \n> ### So now what? \n> \n> Organizations must be diligent against such easily available tools and frameworks that can be misused by a variety of threat actors. In-depth defense strategies based on a risk analysis approach can deliver the best results in protecting against this framework. Talos also released Snort rule 60275 and ClamAV signature Win.Trojan.Manjusaka-9956281-1 to detect the use of Manjusaka. \n\n> \n> \n\n## Other news of note\n\n \n\n\nEverything from convenience stores to government websites in Taiwan saw an uptick in cyber attacks this week after U.S. House Speaker Nancy Pelosi visited the country. She was the U.S.\u2019 highest-ranking official to visit there in more than 20 years. However, many of the attacks appeared to be from low-skilled attackers and some could even be attributed to a normal uptick in traffic from a busy news day. China could still retaliate for the visit with a cyber attack against Taiwan or the U.S., as the Chinese government has voiced its displeasure over Pelosi\u2019s actions and launched several kinetic warfare exercises. ([Reuters](<https://www.reuters.com/technology/7-11s-train-stations-cyber-attacks-plague-taiwan-over-pelosi-visit-2022-08-04/>), [Washington Post](<https://www.washingtonpost.com/politics/2022/08/03/those-pelosi-inspired-cyberattacks-taiwan-probably-werent-all-they-were-cracked-up-be/>)) \n\nThe U.S. Cybersecurity and Infrastructure Security Agency is warning that attackers are actively exploiting a critical vulnerability in Atlassian Confluence disclosed last week. CISA added CVE-2022-26138, a hardcoded password vulnerability in the Questions for Confluence app, to its list of Known Exploited Vulnerabilities on Friday. 
Adversaries can exploit this vulnerability to gain total access to data in on-premises Confluence Server and Confluence Data Center platforms. U.S. federal agencies have three weeks to patch for the issue under CISA\u2019s new guidance. ([Dark Reading](<https://www.darkreading.com/cloud/patch-now-atlassian-confluence-bug-active-exploit>), [Bleeping Computer](<https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-confluence-bug-exploited-in-attacks/>)) \n\nNorth Korean state-sponsored actors continue to be active, recently adding a new Gmail attack to their arsenal. The infamous SharpTongue group uses the SHARPEXT malware to target organizations in the U.S., Europe and South Korea that work on nuclear weapons and other topics that North Korea sees as relevant to its national security. SHARPEXT installs a Google Chrome extension that allows the attackers to bypass users\u2019 Gmail multi-factor authentication and passwords, eventually entering the inbox and reading and downloading email and attachments. Other North Korean actors continue to use fake LinkedIn applications to apply for remote jobs, hoping to eventually steal cryptocurrency and fund the country\u2019s weapons program. ([Ars Technica](<https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/>), [Bloomberg](<https://www.bloomberg.com/news/articles/2022-08-01/north-koreans-suspected-of-using-fake-resumes-to-steal-crypto>)) \n\n \n\n\n## Can\u2019t get enough Talos? \n\n * _[Talos Takes Ep. #106: The top attacker trends from the past quarter](<https://talosintelligence.com/podcasts/shows/talos_takes/episodes/106>)_\n * _[Beers with Talos Ep. 
#124: There's no such thing as \"I have nothing to hide\"](<https://talosintelligence.com/podcasts/shows/beers_with_talos/episodes/124>)_\n * _[BlackHat \u2014 A poem](<https://blog.talosintelligence.com/2022/08/poems-0xCCd.html>)_\n * _[Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution](<https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html>)_\n * _[Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities](<https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html>)_\n * _[Researcher Spotlight: You should have been listening to Lurene Grenier years ago](<https://blog.talosintelligence.com/2022/08/researcher-spotlight-you-should-have.html>)_\n * _[Manjusaka, a new attack tool similar to Sliver and Cobalt Strike](<https://securityaffairs.co/wordpress/133953/hacking/manjusaka-attack-tool.html>)_\n\n \n\n\n## Upcoming events where you can find Talos \n\n#### \n\n\n[**BlackHat**](<https://www.blackhat.com/us-22/>) **U.S.A 2022 **(Aug. 6 - 11, 2022) \nLas Vegas, Nevada \n\n \n\n\n_[USENIX Security '22](<https://www.usenix.org/conference/usenixsecurity22#registration>) _**(Aug. 10 - 12, 2022)** \nLas Vegas, Nevada \n\n \n\n\n**[DEF CON U.S.](<https://defcon.org/>) **(Aug. 11 - 14, 2022) \nLas Vegas, Nevada \n\n \n\n\n**[Security Insights 101 Knowledge Series](<https://aavar.org/securityinsights101/>) (Aug. 
25, 2022)**\n\nVirtual \n\n \n\n\n## Most prevalent malware files from Talos telemetry over the past week \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T18:00:00", "type": "talosblog", "title": "Threat Source newsletter (Aug. 4, 2022) \u2014 BlackHat 2022 preview", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-26138"], "modified": "2022-08-04T18:00:00", "id": "TALOSBLOG:1CC8B88D18FD4407B2AEF8B648A80C27", "href": "http://blog.talosintelligence.com/2022/08/threat-source-newsletter-aug-4-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-21T20:00:40", "description": "_By Jon Munshaw. _\n\nWelcome to this week\u2019s edition of the Threat Source newsletter. \n\n \n\n\nI could spend time in this newsletter every week talking about fake news. There are always so many ridiculous memes, headlines, misleading stories, viral Facebook posts and manipulated media that I see come across my Instagram feed or via my wife when she shows me TikToks she favorited. \n\n \n\n\nOne recent event, though, was so crushing to me that I had to call it out specifically. 
[Former Japanese Prime Minister Shinzo Abe was assassinated](<https://www.nytimes.com/live/2022/07/08/world/japan-shinzo-abe-shooting>) earlier this month while making a campaign speech in public. This was a horrible tragedy marking the death of a powerful politician in one of the world\u2019s most influential countries. It was the top story in the world for several days and was even more shocking given Japan\u2019s strict gun laws and the relative infrequency of any global leaders being the target of violence. \n\n \n\n\nIt took no time for the internet at large to take this tragedy and immediately try to spin it to their whims to spread false narratives, disinformation and downright harmful fake stories that mar Abe\u2019s death and make a mockery of the 24/7 news cycle and the need for everyone to immediately have their own \u201ctake\u201d on social media. \n\n \n\n\nShortly after Abe\u2019s murder, a far-right French politician took a false claim from the infamous online forum 4chan that video game developer Hideo Kojima was the suspect who killed Abe and [shared it on Twitter.](<https://www.bbc.com/news/newsbeat-62121650>) The politician, Damien Rieu, even went as far as to connect Kojima to the \u201cfar left,\u201d linking to pictures of the \u201cMetal Gear Solid\u201d creator wearing a shirt depicting the Joker and a bag with Che Guevara\u2019s face on it. Rieu\u2019s tweet was [taken as fact by a Greek television news station](<https://kotaku.com/shinzo-abe-assassin-killer-kojima-greek-news-confusion-1849157839>), which also [aired a report](<https://youtu.be/MfQPJggD1Us>) that Kojima was the assassin. 
\n\n \n\n\nThankfully, this claim was quickly debunked and the [politician issued an apology](<https://twitter.com/DamienRieu/status/1545460974592970752>), but Kojima and his company have [threatened legal action](<https://www.videogameschronicle.com/news/legal-action-threatened-as-hideo-kojima-falsely-linked-to-shinzo-abe-assassination/>) over the ordeal (as they should). This is an appalling scenario in which social media was quick to assign blame for Abe\u2019s assassination, a claim that was then picked up by an influential person and even made it to a reputable international news station. This goes beyond the realm of the typical \u201cRussian bot\u201d fake news we think of; this was a failure to run any simple fact checks before reporting a damning claim about someone. Imagine if it was just anyone who was blamed for Abe\u2019s assassination, and not someone like Kojima who has a very public platform and the funds to fight these claims. \n\n \n\n\nPeople also took the opportunity within the first few hours of Abe\u2019s death to try and craft their own narrative using fake news and misleading information. A viral claim that he was killed over his COVID-19-related policies made the rounds, though these claims were later proven [verifiably false](<https://www.statesman.com/story/news/politics/politifact/2022/07/13/fact-check-was-shinzo-abe-assassinated-over-covid-19-response/65372187007/>). Another completely fake and manipulated screenshot claimed to show that Abe had tweeted shortly before his death that he had incriminating news about [U.S. politician Hillary Clinton](<https://apnews.com/article/Fact-Check-Fake-Shinzo-Abe-Tweet-499806264509>). 
\n\n \n\n\nI went on Instagram and [found a still-active post](<https://www.instagram.com/p/Cf2CODKutKG/?igshid=YmMyMTA2M2Y=>) from an account with more than 54,000 followers that indicates that Abe was assassinated because he had less-than-strict COVID policies that did not align with the \u201cglobal agenda.\u201d Instagram flagged the post as \u201cmissing context,\u201d but does not flag it as downright false and the content is still accessible as of Wednesday afternoon. \n\n \n\n\nWhat disturbs me the most about this whole event is that nothing is off limits for social media users to bend to their whim. I suppose I can't say I\u2019m surprised \u2014 ESPN even recently fell for something as silly as a fake TikTok video alleging to show a [UPS driver dunking a basketball](<https://www.snopes.com/fact-check/ups-driver-dunk-car/>) while jumping over a car. But it is a stark reminder that when breaking news occurs, no matter how serious or dangerous it is, there\u2019s always going to be people online who will be spreading fake news, disinformation and/or misinformation. This makes me miss the days when the biggest fake news story out there was [Balloon Boy](<https://www.latimes.com/entertainment/la-et-media-balloon-boy-pictures-photogallery.html>). \n\n \n\n\n \n\n## The one big thing \n\n> \n\n\nThe U.S. Cybersecurity and Infrastructure Security Agency is asking all federal agencies to [patch for an actively exploited Microsoft vulnerability](<https://threatpost.com/cisa-urges-patch-11-bug/180235/>) disclosed last week. By adding CVE-2022-22047, an elevation of privilege vulnerability affecting the Windows Client Server Runtime Subsystem (CSRSS), to its [list of known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), agencies are compelled to patch for the issue by Aug. 2. Microsoft and CISA both say attackers are actively exploiting the issue in the wild. \n\n\n> ### Why do I care? 
\n> \n> This vulnerability is the only one disclosed as part of [last week\u2019s Patch Tuesday](<https://blog.talosintelligence.com/2022/07/microsoft-patch-tuesday-for-july-2022.html>) that\u2019s been exploited in the wild. An attacker could exploit this vulnerability to execute code on the targeted machine as SYSTEM. However, they would need physical access to a machine to exploit the issue. That being said, if CISA is warning users that it\u2019s being actively exploited in the wild, it\u2019s as good a time as any to remember to patch. \n\n> \n> ### So now what? \n> \n> [Our Patch Tuesday blog post](<https://blog.talosintelligence.com/2022/07/microsoft-patch-tuesday-for-july-2022.html>) contains links to Microsoft\u2019s updates for Patch Tuesday and a rundown of other vulnerabilities you should know about. Additionally, we have [multiple Snort rules](<https://snort.org/advisories/talos-rules-2022-07-12>) that can detect attempts to exploit CVE-2022-22047. \n\n> \n> \n\n## Other news of note\n\n \n\n\nThe U.S. Department of Homeland Security declared the Log4shell vulnerability is \u201cendemic\u201d and will present a risk to organizations for at least the next decade. A new report into the major vulnerability in Log4j declared that the open-source community does not have enough resources to properly secure its code and needs the public and private sector to assist with the implementation of patches. They also warned that there are still many instances of vulnerable software that attackers could take advantage of. The DHS report also says the original vulnerable code could have been detected in 2013 had the reviewers had the time and the appropriate cybersecurity knowledge to spot the flaw. That being said, the investigating panel said there were no major cyber attacks against U.S. critical infrastructure leveraging Log4shell. 
([Dark Reading](<https://www.darkreading.com/application-security/dhs-review-board-deems-log4j-an-endemic-cyber-threat>), [Associated Press](<https://apnews.com/article/biden-technology-software-hacking-4361f6e9b386259609b05b389db4d7bf>), [ZDNet](<https://www.zdnet.com/article/log4j-flaw-why-it-will-still-be-causing-problems-a-decade-from-now/>)) \n\nThe European Union is warning that increased cyber attacks from Russian state-sponsored actors run the risk of unnecessary escalation and spillover effects to all of Europe. A formal EU declaration says that member nations \u201cstrongly condemn this unacceptable behaviour in cyberspace and express solidarity with all countries that have fallen victim.\u201d A Lithuanian energy firm was the recent target of a distributed denial-of-service attack that the country said was the largest cyber attack in a decade. Belgian leaders also say their country was recently targeted by several Chinese state-sponsored groups. ([Bleeping Computer](<https://www.bleepingcomputer.com/news/security/eu-warns-of-russian-cyberattack-spillover-escalation-risks/>), [Council of the European Union](<https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/>), [Infosecurity Magazine](<https://www.infosecurity-magazine.com/news/lithuanian-energy-ddos-attack/>)) \n\nA relatively small botnet is suspected to be behind more than 3,000 recent distributed denial-of-service attacks. The Mantis botnet, which is suspected to be an evolution of Meris, has already targeted users in Germany, Taiwan, South Korea, Japan, the U.S. and the U.K. Most recently, it launched a malware campaign against Android users in France, using malicious SMS messages to lure victims into downloading malware that adds devices to the botnet\u2019s growing system. 
Security researchers say users have already downloaded the malware about 90,000 times. ([Bleeping Computer](<https://www.bleepingcomputer.com/news/security/roaming-mantis-hits-android-and-ios-users-in-malware-phishing-attacks/>), [ZDNet](<https://www.zdnet.com/article/this-tiny-botnet-is-launching-the-most-powerful-ddos-attacks-yet/>)) \n\n \n\n\n## Can\u2019t get enough Talos? \n\n * _[Vulnerability Spotlight: Issue in Accusoft ImageGear could lead to memory corruption, code execution](<https://blog.talosintelligence.com/2022/07/accusoft-vuln-spotlight-.html>)_\n * _[EMEAR Monthly Talos Update: Training the next generation of cybersecurity researchers](<https://blog.talosintelligence.com/2022/07/emear-monthly-talos-update-training.html>)_\n * _[Beers with Talos Ep. #123: Hunting for ransomware actors on *whispers* the dark web](<https://talosintelligence.com/podcasts/shows/beers_with_talos/episodes/123>)_\n * _[Talos Takes Ep. #104: The psychology of multi-factor authentication](<https://talosintelligence.com/podcasts/shows/talos_takes/episodes/104>)_\n * _[Pakistani Hackers Targeting Indian Students in Latest Malware Campaign](<https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html>)_\n \n\n\n \n\n\n## Upcoming events where you can find Talos \n\n#### \n\n\n**[A New HOPE](<https://www.hope.net/index.html>) **(July 22 - 24, 2022) \nNew York City \n\n \n\n\n**[CTIR On Air](<https://www.linkedin.com/video/event/urn:li:ugcPost:6954879507132481537/>) **(July 28, 2022) \nTalos Twitter, LinkedIn and YouTube pages\n\n[ \n](<https://www.ciscolive.com/global.html>)[**BlackHat**](<https://www.blackhat.com/us-22/>) **U.S. **(Aug. 6 - 11, 2022) \nLas Vegas, Nevada \n\n \n\n\n**[DEF CON U.S.](<https://defcon.org/>) **(Aug. 
11 - 14, 2022) \nLas Vegas, Nevada \n\n \n\n\n \n\n\n## Most prevalent malware files from Talos telemetry over the past week \n\n** \n**\n\n**SHA 256: **[9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507](<https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507/details>) \n\n**MD5: **2915b3f8b703eb744fc54c81f4a9c67f \n\n**Typical Filename: **VID001.exe ** **\n\n**Claimed Product:** N/A** **\n\n**Detection Name: **Win.Worm.Coinminer::1201 \n\n** \n**\n\n**SHA 256: **[e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934](<https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details>)** \n****MD5: **93fefc3e88ffb78abb36365fa5cf857c ** \n****Typical Filename: **Wextract \n**Claimed Product: **Internet Explorer \n**Detection Name: **PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg \n\n \n\n\n**SHA 256: **[e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c](<https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/details>) ** **\n\n**MD5:** a087b2e6ec57b08c0d0750c60f96a74c \n\n**Typical Filename: **AAct.exe ** **\n\n**Claimed Product:** N/A ** **\n\n**Detection Name: **PUA.Win.Tool.Kmsauto::1201** **\n\n** \n**\n\n**SHA 256: **[ea500d77aabc3c9d440480002c3f1d2f2977a7f860f35260edda8a26406ca1c3](<https://www.virustotal.com/gui/file/ea500d77aabc3c9d440480002c3f1d2f2977a7f860f35260edda8a26406ca1c3/details>)** **\n\n**MD5: **5741eadfc89a1352c61f1ff0a5c01c06** **\n\n**Typical Filename: **3.exe \n\n**Claimed Product: **N/A\n\n**Detection Name: **W32.DFC.MalParent \n\n \n\n\n**SHA 256: **[125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645](<https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details>) ** **\n\n**MD5: **2c8ea737a232fd03ab80db672d50a17a \n\n**Typical Filename:** LwssPlayer.scr \n\n**Claimed Product: 
**\u68a6\u60f3\u4e4b\u5dc5\u5e7b\u706f\u64ad\u653e\u5668 \n\n**Detection Name: **Auto.125E12.241442.in02", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-21T18:00:00", "type": "talosblog", "title": "Threat Source newsletter (July 21, 2022) \u2014 No topic is safe from being targeted by fake news and disinformation", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047"], "modified": "2022-07-21T18:00:00", "id": "TALOSBLOG:F032D3BBC6D695272384D4A3821130BF", "href": "http://blog.talosintelligence.com/2022/07/threat-source-newsletter-july-21-2022.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-02T23:58:44", "description": "A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name \"Follina,\" exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft... \n \n[[ This is only the beginning! 
Please visit the blog for the complete entry ]]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-02T14:53:52", "type": "talosblog", "title": "Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-02T14:53:52", "id": "TALOSBLOG:DE5281D9A4A03E4FA1F2A0B62B527489", "href": "http://blog.talosintelligence.com/2022/06/msdt-follina-coverage.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-20T23:39:03", "description": "VMware vRealize Operations contains a privilege escalation vulnerability. 
A malicious actor with administrative network access can escalate privileges to root.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T20:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31672"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2022-31672", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-31672", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:39:03", "description": "VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. 
Successful exploitation can lead to a remote code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T20:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31673"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2022-31673", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-31673", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:29", "description": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35796"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-35796", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35796", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:39:07", "description": "VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T20:15:00", "type": "prion", "title": "Authentication flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2022-31675"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2022-31675", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-31675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-20T23:43:11", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34715"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-34715", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-34715", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:41:41", "description": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 
8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33636"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-33636", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-33636", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:39:03", "description": "VMware vRealize Operations contains an information disclosure vulnerability. 
A low-privileged malicious actor with network access can access log files that lead to information disclosure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-08-10T20:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31674"], "modified": "2022-08-15T18:56:00", "id": "PRION:CVE-2022-31674", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-31674", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-20T23:41:42", "description": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Security feature 
bypass", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33649"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-33649", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-33649", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:27", "description": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35766"], "modified": "2023-08-08T14:21:00", 
"id": "PRION:CVE-2022-35766", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35766", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:36:19", "description": "Microsoft Exchange Server Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30134"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-30134", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-30134", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-20T23:44:30", "description": "SMB Client and Server Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35804"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-35804", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:21:38", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-10T09:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20827"], "modified": "2022-08-12T18:07:00", "id": "PRION:CVE-2022-20827", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-20827", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:21:40", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-10T09:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20842"], "modified": "2022-08-12T18:09:00", "id": "PRION:CVE-2022-20842", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-20842", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:29", "description": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35794"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-35794", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35794", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:41:41", "description": "Azure Batch Node Agent Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33646"], "modified": "2023-06-01T02:15:00", "id": "PRION:CVE-2022-33646", "href": 
"https://www.prio-n.com/kb/vulnerability/CVE-2022-33646", "cvss": {"score": 3.5, "vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:21:40", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-10T08:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20841"], "modified": "2022-08-15T14:18:00", "id": "PRION:CVE-2022-20841", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-20841", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:42:34", "description": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. 
In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-26T18:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34302"], "modified": "2023-11-14T19:15:00", "id": "PRION:CVE-2022-34302", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-34302", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:42:34", "description": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. 
Access to the EFI System Partition is required for booting using external media.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-26T18:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34301"], "modified": "2023-11-14T19:15:00", "id": "PRION:CVE-2022-34301", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-34301", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:42:34", "description": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. 
Access to the EFI System Partition is required for booting using external media.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-26T18:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34303"], "modified": "2023-11-14T19:15:00", "id": "PRION:CVE-2022-34303", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-34303", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:43:11", "description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34713"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-34713", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-34713", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:43:09", "description": "Active Directory Domain Services Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34691"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-34691", "href": 
"https://www.prio-n.com/kb/vulnerability/CVE-2022-34691", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:24", "description": "Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-31T19:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35744"], "modified": "2023-06-08T01:44:00", "id": "PRION:CVE-2022-35744", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35744", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:36:18", "description": "Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-30133", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-30133", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:30:47", "description": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. 
This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T18:15:00", "type": "prion", "title": "Hardcoded credentials", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26138"], "modified": "2022-08-04T14:13:00", "id": "PRION:CVE-2022-26138", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-26138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:29", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35793"], "modified": "2023-05-31T19:15:00", "id": "PRION:CVE-2022-35793", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-35793", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:44:25", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-31T19:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35755"], "modified": "2023-06-07T20:23:00", "id": "PRION:CVE-2022-35755", "href": 
"https://www.prio-n.com/kb/vulnerability/CVE-2022-35755", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:23:51", "description": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T23:15:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2022-22047", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-22047", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-20T23:25:26", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T15:54:00", "id": "PRION:CVE-2022-2294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T15:38:56", "description": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-33649", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33649"], "modified": "2023-05-31T19:15:00", "cpe": [], "id": "CVE-2022-33649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33649", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:31:08", "description": "VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T20:15:00", "type": "cve", "title": "CVE-2022-31675", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31675"], "modified": "2023-08-08T14:22:00", "cpe": [], "id": "CVE-2022-31675", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T15:31:07", "description": 
"VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T20:15:00", "type": "cve", "title": "CVE-2022-31672", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31672"], "modified": "2023-08-08T14:22:00", "cpe": [], "id": "CVE-2022-31672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31672", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:31:06", "description": "VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. 
Successful exploitation can lead to a remote code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T20:15:00", "type": "cve", "title": "CVE-2022-31673", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31673"], "modified": "2023-08-08T14:21:00", "cpe": [], "id": "CVE-2022-31673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31673", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:38:52", "description": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-33636", "cwe": 
["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33636"], "modified": "2023-05-31T19:15:00", "cpe": [], "id": "CVE-2022-33636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33636", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:39:39", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-10T09:15:00", "type": "cve", "title": "CVE-2022-20827", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20827"], "modified": "2023-11-07T03:43:00", "cpe": [], "id": "CVE-2022-20827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20827", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:43:33", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": 
"CVE-2022-34715", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34715"], "modified": "2023-05-31T19:15:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-"], "id": "CVE-2022-34715", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34715", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:31:06", "description": "VMware vRealize Operations contains an information disclosure vulnerability. 
A low-privileged malicious actor with network access can access log files that lead to information disclosure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-08-10T20:15:00", "type": "cve", "title": "CVE-2022-31674", "cwe": ["CWE-532"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31674"], "modified": "2022-08-15T18:56:00", "cpe": [], "id": "CVE-2022-31674", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31674", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T14:39:46", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-10T08:15:00", "type": "cve", "title": "CVE-2022-20841", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20841"], "modified": "2023-11-07T03:43:00", "cpe": [], "id": "CVE-2022-20841", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20841", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:48:04", "description": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", 
"title": "CVE-2022-35766", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35766"], "modified": "2023-08-08T14:21:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-35766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35766", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-12-03T15:48:13", "description": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-35794", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35794"], "modified": "2023-05-31T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-35794", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35794", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-12-03T14:39:48", "description": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T09:15:00", "type": "cve", "title": "CVE-2022-20842", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20842"], "modified": "2023-11-07T03:43:00", "cpe": [], "id": "CVE-2022-20842", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20842", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:48:14", "description": "Windows Print Spooler Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": 
"CVE-2022-35793", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.1, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35793"], "modified": "2023-05-31T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-35793", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35793", "cvss": {"score": 4.1, "vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-12-03T15:48:14", "description": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-35796", "cwe": 
["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35796"], "modified": "2023-05-31T19:15:00", "cpe": [], "id": "CVE-2022-35796", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35796", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:48:17", "description": "SMB Client and Server Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-35804", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35804"], 
"modified": "2023-05-31T19:15:00", "cpe": ["cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-35804", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-12-03T15:23:45", "description": "Microsoft Exchange Server Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-30134", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30134"], "modified": "2023-05-31T19:15:00", "cpe": ["cpe:/a:microsoft:exchange_server:2013", "cpe:/a:microsoft:exchange_server:2016", "cpe:/a:microsoft:exchange_server:2019"], "id": "CVE-2022-30134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30134", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", 
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*", "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:41:39", "description": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T18:15:00", "type": "cve", "title": "CVE-2022-34302", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34302"], "modified": "2023-11-14T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", 
"cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:redhat:enterprise_linux:9.0"], "id": "CVE-2022-34302", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34302", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:41:46", "description": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. 
In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T18:15:00", "type": "cve", "title": "CVE-2022-34303", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34303"], "modified": "2023-11-14T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", 
"cpe:/o:microsoft:windows_10:-", "cpe:/o:redhat:enterprise_linux:9.0"], "id": "CVE-2022-34303", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34303", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:41:39", "description": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. 
Access to the EFI System Partition is required for booting using external media.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T18:15:00", "type": "cve", "title": "CVE-2022-34301", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34301"], "modified": "2023-11-14T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:redhat:enterprise_linux:9.0"], "id": "CVE-2022-34301", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34301", 
"cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:23:44", "description": "Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T20:15:00", "type": "cve", "title": "CVE-2022-30133", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133"], "modified": "2023-05-31T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-30133", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30133", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2023-12-03T15:47:56", "description": "Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-31T19:15:00", "type": "cve", "title": "CVE-2022-35744", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-35744"], "modified": "2023-06-08T01:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_20h2:-", "cpe:/o:microsoft:windows_server_2008:-"], "id": "CVE-2022-35744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35744", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*", 
"HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-27T18:09:49", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Cisco Rv160 Firmware", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-20841"], "modified": "2022-09-28T01:28:53", "id": "B69B0D79-4B1C-5E72-9D58-1F835E023023", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2022-09-21T05:01:52", "description": "# CVE-2022-20841-RCE\nCisco RV series unauthenticated RCE laoder ...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-20T14:51:26", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Cisco Rv160 Firmware", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-20841"], "modified": "2022-09-21T01:42:40", "id": "B4FCA336-9654-5679-8C30-5F52DCCB29D5", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:25:34", "description": "# CVE-2022-26138\n\n# 1.\u7b80\u4ecb\nConfluence Hardcoded Password POC\n\n#...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 5.9}, "published": "2022-07-30T07:14:52", "type": "githubexploit", "title": "Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26138"], "modified": "2023-09-28T11:41:19", "id": "120220D8-2281-57EE-BD84-1A33B8841E56", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:25:43", "description": "# Confluence-Question-CVE-2022-26138\nAtlassian Confluence Server...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-28T09:48:21", "type": "githubexploit", "title": "Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26138"], "modified": "2023-09-28T11:41:13", "id": "E443E98A-3304-54B8-97FD-0FEF9DA283B3", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-09-28T02:11:42", "description": "# CVE-2022-20841 + PoC\nCisco Small Business RCE [included mass e...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-27T18:09:49", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Cisco Rv160 Firmware", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-20841"], "modified": "2022-09-28T01:28:53", "id": "C1903865-87CF-5837-B7B3-B109286B1611", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:35:55", "description": "# **_\ud83e\ude79CVE-2022-30190 Temporary Fix\ud83e\ude79 (Source Code)_**\nThese are t...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-12T11:48:22", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", 
"bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-15T10:20:20", "id": "4881AA63-B127-594A-8F5B-ED68FD4BB9FF", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:40:53", "description": "# Follina - CVE-2022-30190\n\nFollina is a zero day allowing code ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-02T15:39:20", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2022-30190"], "modified": "2022-10-02T00:23:18", "id": "8516D742-8A1C-521C-8372-26BA9FBA2200", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:40:58", "description": "# CVE-2022-30190-Follina-Patch\nThis is a simple program allows y...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-02T13:43:20", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-07-01T22:07:49", "id": "A4440EF1-5891-5FCD-BA92-DD2B6E54C7F0", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:41:22", "description": "# MSDT Patcher, a.k.a. 
CVE-2022-30190-NSIS\nThis is an NSIS scrip...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-01T18:58:07", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-07T08:02:05", "id": "5E983FEF-4BE8-5A69-BABE-3CFFC983F1B5", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:35:11", "description": "# follina-CVE-2022-30190\nfollina zer...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T22:49:21", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference 
to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-06-16T00:04:19", "id": "6AF23F99-AE40-5899-AD81-AE3F71760F38", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T17:01:25", "description": "# CVE-2022-30190 (Follina)\n\n[...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-19T18:09:47", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2022-30190"], "modified": "2023-09-28T11:43:57", "id": "DD36D028-7FB1-5824-9756-09BA3927DCEE", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:37:47", "description": "# CVE-2022-30190 - Microsoft Support Diagnostic Tool\n\n## About\n\n...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-07T10:07:52", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-09-28T11:39:30", "id": "F8ECE1BA-CC33-5566-B57C-1AB243A48E28", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:41:27", "description": "# follina (POC)\nAll about CVE-2022-30190, aka follina, that is a...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-03T00:25:37", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-10-23T21:37:30", "id": "221070D3-0B31-5CF7-A508-B4740B63647B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:43:00", "description": "# Follina Proof of Concept (CVE-2022-30190)\n\nQuick and easy \"pro...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-31T10:47:57", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-07-17T17:01:27", "id": "02FCE52D-5E91-5C57-A40A-DE4FF7C726A3", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:14:13", "description": "<h1 align='center'><b> Follina-attack-CVE-2022-30190-</b></h1><b...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-06T11:41:43", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-10-06T15:42:31", "id": "E7177DCC-97D5-5A91-8A06-124DD3CB9739", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 
1}, {"lastseen": "2023-12-03T20:34:07", "description": "# CVE-2022-30190_EXP_PowerPoint\n\nThis is exploit of CVE-2022-301...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-29T08:48:12", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-09-28T11:40:13", "id": "705BFDF7-98C8-5300-AB18-E9EEE465AE5F", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-10-23T20:04:43", "description": "# CVE-2022-30190\n**S...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-23T15:24:43", "type": 
"githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2022-10-23T15:34:15", "id": "E917FE93-F06C-5F70-915F-A5F48A30B044", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:35:27", "description": "# FollinaExtractor\nExtract ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-15T02:22:53", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-11-24T20:26:05", "id": "675E960A-9F2E-5575-8C21-8528492BE5C6", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T20:35:42", "description": "# Follina-CVE-2022-30190-Unofficial-patch-\nAn Unofficial Patch F...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T04:20:02", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-09-28T11:39:41", "id": "56417A88-33CB-520F-8FC3-4F3E49561DDC", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T15:41:11", "description": "# AmzWord\r\n\r\nan automated attack chain based on CVE-2022-30190, ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-11-28T03:47:32", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190"], "modified": "2023-11-28T07:49:28", "id": "296ECE66-CC92-53E6-9959-06669247F867", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-12-03T17:32:01", "description": "# Follina-CVE-2022-30190-Sample-by-ethical-blue\n Educational Fol...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-25T16:27:59", "type": "githubexploit", "title": "Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 