Consumer group Which? found privacy issues in connected air fryers. How smart do we want and need our appliances to be?

Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar.

We’ve learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about to change.

You don’t need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet. But according to Which?, the air fryers’ associated phone apps wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone.

The researchers also found evidence that the Aigostar and Xiaomi fryers both sent people’s personal data to servers in China. This was specified in the privacy notice, but we know not everyone reads a privacy notice.

When buying any kind of smart device, it’s worth doing these things:

*   **Question the permissions an app asks for on your phone**. Does it serve a purpose for you, the user, or is it just some vendor being nosy?
*   **Read the privacy policy**. The vendors are counting on it that you won’t but there are times that privacy policies are very revealing.
*   **Ask yourself if the appliance needs to be smart**. What’s in it for you, and what’s the price you’re going to pay?

An easy solution is not to install the app, and don’t provide manufacturers with personal data they do not need to know. They may need your name for the warranty, but your gender, age, and—most of the time—your address isn’t needed.

You shouldn’t be surprised to find out that appliances that are activated by voice commands are listening to you. How else do you expect them to know you are giving them an order?

It’s what they do with the information and how well they are secured against abuse by third parties that we should be concerned with.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Air fryers are the latest surveillance threat you didn&#8217;t consider 

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

**October 2023 Product Security Bulletin**

Published 2023-10-02

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2023-20819, CVE-2023-32819, CVE-2023-32820

Medium

CVE-2023-32821, CVE-2023-32822, CVE-2023-32823, CVE-2023-32824, CVE-2023-32826, CVE-2023-32827, CVE-2023-32828, CVE-2023-32829, CVE-2023-32830

****Details****

CVE

**CVE-2023-20819**

Title

Out-of-bounds write in CDMA PPP protocol

Severity

High

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Modem LR11, LR12A, LR13, NR15, NR16, NR17

CVE

**CVE-2023-32819**

Title

Exposure of sensitive information to an unauthorized actor in display

Severity

High

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32820**

Title

Denial of service in wlan firmware

Severity

High

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8168, MT8365, MT8518S, MT8532, MT8666, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0 / Linux 4.19 / Yocto 3.1, 3.3 / IOT-v23.0

CVE

**CVE-2023-32821**

Title

Exposure of sensitive information to an unauthorized actor in video

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32822**

Title

Improper input validation in ftm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32823**

Title

Integer overflow or wraparound in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32824**

Title

Double free in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-415 Double Free

Description

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32826**

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32827**

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32828**

Title

Integer overflow or wraparound in vpu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395

Affected Software Versions

Android 12.0 / IOT-v23.0

CVE

**CVE-2023-32829**

Title

Out-of-bounds write in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0

CVE

**CVE-2023-32830**

Title

Out-of-bounds write in TVAPI

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981

Affected Software Versions

Android 10.0, 11.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

October 2, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2023-32830: October 2023

OX App Suite suffers from remote SQL injection, server-side request forgery, cross site scripting, improper neutralization, command injection, and exposure of sensitive information vulnerabilities.

Internal reference: OXUIB-2282  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27  
First fixed revision: OX App Suite frontend 7.10.6-rev28  
Discovery date: 2023-03-20  
Solution date: 2023-04-20  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26445  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L)

Details:  
Themes can be abused to inject script code for persistent XSS. Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We now sanitize the theme value and use a default fallback if no theme matches.

---

Internal reference: OXUIB-2283  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27, OX App Suite frontend 8.11  
First fixed revision: OX App Suite frontend 7.10.6-rev28, OX App Suite frontend 8.12  
Discovery date: 2023-03-20  
Solution date: 2023-04-20  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26446  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:  
XSS using application passwords "lastDevice" property. The users clientID at "application passwords" was not sanitized or escaped before being added to DOM.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We now sanitize the user-controllable clientID parameter.

---

Internal reference: OXUIB-2284  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27  
First fixed revision: OX App Suite frontend 7.10.6-rev28  
Discovery date: 2023-03-20  
Solution date: 2023-04-20  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26447  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:  
XSS in upsell portal widget. The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We now sanitize jslob content.

---

Internal reference: OXUIB-2285  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27  
First fixed revision: OX App Suite frontend 7.10.6-rev28  
Discovery date: 2023-03-20  
Solution date: 2023-04-27  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26448  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:  
XSS via user-defined login/logout URL. Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We now sanitize jslob content for those locations to avoid redirects to malicious content.

---

Internal reference: OXUIB-2286  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27  
First fixed revision: OX App Suite frontend 7.10.6-rev28  
Discovery date: 2023-03-20  
Solution date: 2023-04-19  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26449  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:  
XSS by returning user-defined content-type as Chat service resource. The "OX Chat" web service did not specify a media-type when processing responses by external resources.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We are now defining the accepted media-type to avoid code execution.

---

Internal reference: OXUIB-2287  
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite frontend 7.10.6-rev27  
First fixed revision: OX App Suite frontend 7.10.6-rev28  
Discovery date: 2023-03-20  
Solution date: 2023-04-19  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26450  
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:  
XSS using malicious Count service resource. The "OX Count" web service did not specify a media-type when processing responses by external resources.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We are now defining the accepted media-type to avoid code execution.

---

Internal reference: MWB-1877  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev42, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev43, OX App Suite backend 8.11  
Discovery date: 2022-10-17  
Solution date: 2023-04-27  
Disclosure date: 2023-08-02  
CVE: CVE-2023-26438  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Details:  
SSRF using DNS rebinding attacks. External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists.

Risk:  
Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. No publicly available exploits are known.

Solution:  
Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use.

---

Internal reference: MWB-2020  
Type: CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev42, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev43, OX App Suite backend 8.11  
Discovery date: 2023-01-23  
Solution date: 2023-04-26  
Disclosure date: 2023-08-02  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26430  
CVSS: 3.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)

Details:  
Mailfilter (SIEVE) rules accept control characters. Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules.

Risk:  
This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. No publicly available exploits are known.

Solution:  
We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems.

---

Internal reference: MWB-2086  
Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev42, OX App Suite backend 8.11  
First fixed revision: OX App Suite backend 7.10.6-rev43, OX App Suite backend 8.12  
Discovery date: 2023-03-14  
Solution date: 2023-04-27  
Disclosure date: 2023-08-02  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26443  
CVSS: 5.5 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L)

Details:  
Potentially malicious SQL injection when using full-text autocomplete. Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements.

Risk:  
With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. No publicly available exploits are known.

Solution:  
We now properly encode single quotes for SQL FULLTEXT queries.

---

Internal reference: MWB-2102  
Type: CWE-330 (Use of Insufficiently Random Values)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 8.11  
First fixed revision: OX App Suite backend 8.12  
Discovery date: 2023-03-27  
Solution date: 2023-04-28  
Disclosure date: 2023-08-02  
Researcher credits:  Eldar 'HakuPiku' Zeynalli  
CVE: CVE-2023-26451  
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Details:  
oAuth provider uses predictable secret source, allows to take over any oAuth session. Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service.

Risk:  
Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. No publicly available exploits are known.

Solution:  
We have updated the implementation to use sources with sufficient randomness to generate authorization tokens.

---

Internal reference: DOCS-4726  
Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 8.10  
First fixed revision: OX App Suite office 8.11  
Discovery date: 2023-02-13  
Solution date: 2023-03-14  
Disclosure date: 2023-08-02  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26439  
CVSS: 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Details:  
SQL Injection at Cacheservice "getObjects" API. The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement.

Risk:  
Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. No publicly available exploits are known.

Solution:  
We have improved the input check for API calls and filter for potentially malicious content.

---

Internal reference: DOCS-4727  
Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 8.10  
First fixed revision: OX App Suite office 8.11  
Discovery date: 2023-02-13  
Disclosure date: 2023-08-02  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26440  
CVSS: 8.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Details:  
SQL Injection at Cacheservice "registerGroup" API. The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups.

Risk:  
Attackers with access to a local or restricted network could perform arbitrary SQL queries. No publicly available exploits are known.

Solution:  
We have improved the input check for API calls and filter for potentially malicious content.

---

Internal reference: DOCS-4728  
Type: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 8.10  
First fixed revision: OX App Suite office 8.11  
Discovery date: 2023-02-14  
Solution date: 2023-04-28  
Disclosure date: 2023-08-02  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26441  
CVSS: 6.9 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L)

Details:  
Cacheservices allows local file inclusion/removal through directory traversal. Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources.

Risk:  
An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. No publicly available exploits are known.

Solution:  
We have improved path validation and make sure that any access is contained to the defined root directory.

---

Internal reference: DOCS-4734  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 8.10  
First fixed revision: OX App Suite office 8.11  
Discovery date: 2023-02-15  
Disclosure date: 2023-08-02  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26442  
CVSS: 3.2 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)

Details:  
Cacheservice HTTP client follow redirect responses, allowing SSRF. In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend.

Risk:  
An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. No publicly available exploits are known.

Solution:  
We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources.

OX App Suite SSRF / SQL Injection / Cross Site Scripting

There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.

**Impact**

I have discovered what I think is a potential vulnerability in Zephyr's SMP  
implementation.

There is an error in the condition of the last if-statement in the function smp_check_keys,  
i.e. the one that looks to be checking that the keys requirements of level 4 and higher are met.  
As written, it appears to reject the current keys if ALL requirements are  
unmet, but my understanding is that it should reject the keys if ANY of the requirements are unmet.

Here is a diff showing exactly what I think is wrong and how it could be  
fixed:

    diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c
    index 5132ad7495..3581b77bd6 100644
    --- a/subsys/bluetooth/host/smp.c
    +++ b/subsys/bluetooth/host/smp.c
    @@ -363,9 +363,9 @@ static bool smp_keys_check(struct bt_conn *conn)
    	}
    
    	if (conn->required_sec_level > BT_SECURITY_L3 &&
    -           !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
    -           !(conn->le.keys->keys & BT_KEYS_LTK_P256) &&
    -           !(conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE)) {
    +           (!(conn->le.keys->flags & BT_KEYS_AUTHENTICATED) ||
    +            !(conn->le.keys->keys & BT_KEYS_LTK_P256) ||
    +            !(conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE))) {
    		return false;
    	}
    

**Patches****For more information**

If you have any questions or comments about this advisory:

*   Open an issue in zephyr
*   Email us at Zephyr-vulnerabilities

embargo: 2022-11-03

CVE-2022-2993: bt: host: Wrong key validation check

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

CVE-2020-15306: openexr/CHANGES.md at main · AcademySoftwareFoundation/openexr

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

**Comments**

 db-sca changed the title An incorrect check on length in babeld Incorrect checks on length in babeld

Feb 4, 2022

qingkaishi added a commit to qingkaishi/frr that referenced this issue

Feb 4, 2022

…n length

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>

qingkaishi added a commit to qingkaishi/frr that referenced this issue

Feb 4, 2022

…n length

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>

mergify bot pushed a commit that referenced this issue

Feb 8, 2022

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>
(cherry picked from commit c379335)

plsaranya pushed a commit to plsaranya/frr that referenced this issue

Feb 28, 2022

 

…n length

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>

patrasar pushed a commit to patrasar/frr that referenced this issue

Apr 28, 2022

 

…n length

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>

gpnaveen pushed a commit to gpnaveen/frr that referenced this issue

Jun 7, 2022

…n length

This patch repairs the checking conditions on length in four functions:
babel\_packet\_examin, parse\_hello\_subtlv, parse\_ihu\_subtlv, and parse\_update\_subtlv

Signed-off-by: qingkaishi <qingkaishi@gmail.com>

CVE-2022-26128: Incorrect checks on length in babeld · Issue #10502 · FRRouting/frr

An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

*   Home
*   Services
    *   Home Internet
    *   Voice Services
    *   Home Security
*   Our Story
    *   Our Mission
    *   Community Involvement
    *   Scholarship & Grants
*   Careers
*   Support
    *   Understanding Your Bill
    *   Tech Glossary
    *   Wi-Fi 101 Videos
*   Blog
*   Contact Us

Menu

*   Home
*   Services
    *   Home Internet
    *   Voice Services
    *   Home Security
*   Our Story
    *   Our Mission
    *   Community Involvement
    *   Scholarship & Grants
*   Careers
*   Support
    *   Understanding Your Bill
    *   Tech Glossary
    *   Wi-Fi 101 Videos
*   Blog
*   Contact Us

Menu

**Ready to Get Connected?**

Find out which of our services are available in your area.

**A Proud Rural Service Provider**

**DRIVEN TO BE THE BEST**

YK Communications strives to provide superior communications technologies to the homes and businesses in our service areas.

We deliver an exceptional level of local customer care with personal attention, prompt responses, and strong working relationships.

Our owners, management team, and employees all live in, work in, and enthusiastically support the communities we serve.

**A Customizable Experience**

With Whole-Home Wi-Fi and a CommandIQ app, you have complete control over things like parental controls and cybersecurity!

**Speeds Up To 1 GIG**

We’ve got fiber, yes we do. So whether you are busy gaming, streaming, downloading, or re-spawning – you can leave the lag behind.

**24/7 Technical Support**

YK Communications makes it a priority to keep you connected. Technical support is available 24 hours a day, 7 days a week.

**BUILD YOUR CUSTOM EXPERIENCE**

Our experience-enhancing add-ons allow you to build the service that works best for you and your household. Contact a specialist today for a free service consultation by calling 

(361) 771-3334.

**Click To Learn More About:**

**WAYS TO SAVE**

**on Services you Need**

YK Communications works to offer exceptional services without cutting corners – but sometimes we can help you cut down on extra costs through promotions. Check out the options below for details.

**Your Neighbors Are**

**OUR HAPPY CUSTOMERS**

“Great customer service, and very helpful with everything! We use them for all our security, phone, internet, website, and more! So glad we can shop local! YKC has always supported our local community which gives you more reasons to shop local! When is the last time the mall or Apple has supported the local 4H, Boy/Girl Scouts, the school, Volunteer Fire Department, and more? Thank you Ganado Telephone and YKC for all you do for our personal and public needs.”

**Seth Brezina**

**Read What’s Happening On**

**THE YK BLOG**

**Troubleshooting Your Wi-Fi: What Else Causes Internet Connectivity Issues?**

As a YK Communications internet service customer, you rely on your Wi-Fi connection for everything from streaming movies and playing games to online shopping and staying connected with family and friends. So, when something goes wrong, it can be frustrating and even stressful. However, before you call our 24/7 support team, there are a few things you can try to

Read More

**Beware of Summer Security Scams: Stay Protected with YK Communications**

With the onset of summer and the increasing temperatures, many of us look forward to spending more time outdoors. However, this delightful season also brings along a less pleasant annual tradition – the influx of door-to-door salesmen, often peddling home security systems. While some represent legitimate companies, others exploit the summer spike in sales activity to blend in and prey

Read More

**We're Social!**

Like and follow us online @ykcomms

Next To You. Ahead Of Technology. We’re a local provider of residential and business-class InternetA global wide area network (WAN), also described as a networ… More, Voice, Video and Security services in Texas.

**Quick Links**

**Give Us A Call**

**to get connected or upgrade!**

**Visit Us**

All rights reserved. Copyrighted 2023 by YK Communications.

CVE-2023-39043: Home - YK Communications

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

*   **Document ID:**_KM03158014_
*   **Creation Date:**09-May-2018
*   **Modified Date:**14-May-2018
*   *   **Micro Focus Products:**
        
        network operations management ultimate 2017.07
        
        network operations management ultimate 2017.11
        
        network operations management ultimate 2018.02
        
        network automation 10.00
        
        network automation 10.10
        
        network automation 10.11
        
        network automation 10.20
        
        network automation 10.30
        
        network automation 10.40
        
        network automation 10.50
        

**Summary**

A potential security vulnerability has been identified in Micro Focus Network Automation and Network Operations Management (NOM) Suite. The vulnerabilities could be remotely exploited to allow SQL injection, persist cross-site scripting, and non-persistent HTML Injection.

**Reference**

SUPPORT COMMUNICATION - SECURITY BULLETIN

**Document ID:** KM03157112

**Version:** 1

MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

**NOTICE:** The information in this Security Bulletin should be acted upon as soon as possible.

**Release Date:** 2018-05-09

**Last Updated:** 2018-05-09

**Potential Security Impact:** Remote: Cross-Site Scripting (XSS), SQL Injection

**Source:** Micro Focus, Product Security Response Team

**VULNERABILITY SUMMARY**

A potential security vulnerability has been identified in Micro Focus Network Automation and Network Operations Management (NOM) Suite. The vulnerabilities could be remotely exploited to allow SQL injection, persist cross-site scripting, and non-persistent HTML Injection.

**References:**

*   CVE-2018-6492 - Remote Cross-Site Scripting (XSS)
*   CVE-2018-6493 - Remote SQL Injection

**SUPPORTED SOFTWARE VERSIONS\*: ONLY impacted versions are listed.**

*   HP Network Automation Software - v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x
*   Network Operations Management (NOM) Suite - v2017.06 - Classic Suite, v2017.11 - Classic Suite, v2017.11 - Containerized Suite, v2018.02 - Classic Suite, v2018.02 - Containerized Suite

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2018-6492

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

4.7

(AV:N/AC:H/Au:S/C:N/I:C/A:P)

5.6

CVE-2018-6493

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

8.0

(AV:N/AC:H/Au:S/C:C/I:C/A:N)

6.6

Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com.

**HISTORY**  
Version:1 (rev.1) - 10 May 2018 Initial release

**Third Party Security Patches:** Third party security patches that are to be installed on systems running Micro Focus software products should be applied in accordance with the customer's patch management policy.

**Support:** For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to Product Security Team.

**Report:** To report a potential security vulnerability for any supported product:

*   Web Form: https://www.microfocus.com/support-and-services/report-security
*   Email: security@microfocus.com

**Subscribe:** To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification  
Once you are logged in to the portal, please choose security bulletins under “product” and “document types”.  
Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- it’s free and easy https://www.microfocus.com/selfreg/jsp/createAccount.jsp

**Security Bulletin Archive:** A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability

**Software Product Category:** The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.

3P = 3rd Party Software  
GN = Micro Focus General Software  
MU = Multi-Platform Software

System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

© Copyright 2017 EntIT Software LLC

Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

© Micro Focus. Please see Terms of Use applicable to this content.

CVE-2018-6493: MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC HDMI Firmware Update Tool Advisory**

**Summary: **

A potential security vulnerability in the Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26024

Description: Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score:  6.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7.

**Recommendations:**

Intel recommends updating the Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN to version 1.78.2.0.7 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19749/hdmi-firmware-update-tool-for-nuc7i3dn-nuc7i5dn-nuc7i7dn.html

**Acknowledgements:**

Intel would like to thank Hazem Brini ( 7azimo - Jungsu ) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-26024: INTEL-SA-00689

Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**DSP Builder for Intel® FPGAs Pro Edition Software Advisory**

**Summary: **

A potential security vulnerability in the Digital Signal Processing (DSP) Builder software installer for Intel® FPGAs Pro Edition may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-43474

Description: Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

DSP Builder software installer before version 22.4 for Intel® FPGAs Pro Edition.

**Recommendations:**

Intel recommends updating DSP Builder software to version 22.4 or later for Intel® FPGAs Pro Edition.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/software-kit/764047/dsp-builder-for-intel-fpgas-pro-edition-software-version-22-4.html

**Acknowledgements:**

Intel would like to thank Marius Gabriel Mihai for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Search

lenovo warranty check/lookup | check warranty status | lenovo support us