Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. 

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. 

**General Information**

A critical severity authentication vulnerability was discovered in Confluence Server and Data Center (CVE-2023-22515). 

This page contains frequently asked questions and answers about this vulnerability. The Atlassian Security Team will update this page as new information becomes available.

**Is my Confluence instance affected?**

The Confluence Data Center and Server versions listed below are affected by this vulnerability. Publicly accessible Confluence Data Center and Server versions as listed below are at critical risk and require immediate attention. Customers using these versions should upgrade your instance as soon as possible.

**Versions prior to 8.0 are not affected by this vulnerability.**

Product

Affected Versions

Confluence Data Center and Confluence Server

*   8.0.0
*   8.0.1
*   8.0.2
*   8.0.3
*   8.1.0
*   8.1.3
*   8.1.4
*   8.2.0
*   8.2.1
*   8.2.2
*   8.2.3
*   8.3.0
*   8.3.1
*   8.3.2
*   8.4.0
*   8.4.1
*   8.4.2
*   8.5.0
*   8.5.1

Atlassian recommends that you upgrade each of your affected installations to one of the listed fixed versions (or any later version) below.

Product

Fixed Versions

Confluence Data Center and Confluence Server

*   8.3.3 or later
*   8.4.3 or later
*   8.5.2 or later

**Are Cloud instances affected?**

If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

**Why am I being redirected to setup/finishsetup.action or seeing 403/404 errors after I’ve applied the mitigation steps?**

The mitigation actions noted in the Advisory are not a replacement for upgrading your instance; you must upgrade as soon as possible. The mitigation steps will block an attacker's ability to create an administrator account in Confluence, however, it won’t prevent an attacker from continuously trying to exploit the instance which may result in a Denial of Service attack. Once the upgrade is complete, you will no longer receive the **HTTP Status** errors or redirects to /setup/finishsetup.action.

**Does upgrading to a fixed version completely solve the issue?**

No. If an instance has already been compromised, upgrading will not remove the compromise.

As well as upgrading, customers can follow "Can we determine if Confluence has already been compromised?", which is available in this FAQ, to check for indicators of compromise. If any evidence is found, you should assume that your instance has been compromised and evaluate the risk of flow-on effects.

**I am running an affected version of Confluence. How can I mitigate the threat until I upgrade?**

If you are unable to upgrade Confluence, as an interim measure we recommend restricting external network access to the affected instance.

Additionally, you can mitigate known attack vectors for this vulnerability by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

1. On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml  and add the following block of code (just _before_ the </web-app> tag at the end of the file):

    <security-constraint>
         <web-resource-collection>
           <url-pattern>/setup/*</url-pattern>
    	   <http-method-omission>*</http-method-omission>
    	</web-resource-collection>
       <auth-constraint />
    </security-constraint>

2\. Restart Confluence.

The mitigation prevents any Confluence administrators from triggering Confluence setup actions, this includes setting up Confluence from scratch or migrating to and from Data Center. If these actions are required you will need to remove these lines from the web.xml file. Please re-add these lines if you are not running a fixed version of Confluence.

**My instance isn't exposed to the Internet. Is an upgrade still recommended?**

Yes! While ensuring instances are not exposed to the public internet greatly reduces the attack surface, we strongly recommend upgrading when security fixes are available.

**My instance is NOT connected to the internet, what should I do? Am I safe?**

If the Confluence instance cannot be accessed from the general internet, the risk of an exploit/attack originating from there is negated. 

Due to the critical nature of this vulnerability and the variety of ways in which instances can be accessed, please work with local network/security team(s) to determine if mitigation is needed. However, out of an abundance of caution, the guidance on the Confluence Security Advisory page for CVE-2023-22515 still applies.

**Can we determine if Confluence has already been compromised?**

Per our security advisory CVE-2023-22515, the following are indicators of a potential compromise:

*   unexpected members in the confluence-administrators group
*   unexpected newly created user accounts
*   requests to /setup/*.action in network access logs
*   presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

Expand for an example of the above exception message

    2027-01-01 07:50:38,312 ERROR [http-nio-8090-exec-8 url: /confluence/setup/setupadministrator.action] [atlassian.confluence.user.DefaultUserAccessor] createGroup com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: Group already exists
     -- url: /confluence/setup/setupadministrator.action | userName: anonymous | action: setupadministrator | traceId: 43994e68d74b2b4b
    com.atlassian.user.impl.EntityValidationException: com.atlassian.crowd.exception.embedded.InvalidGroupException: com.atlassian.crowd.exception.InvalidGroupException: Group already exists
    	at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.createGroup(EmbeddedCrowdGroupManager.java:146)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    	...
    	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:220)
    	at com.sun.proxy.$Proxy165.addGroup(Unknown Source)
    	at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.createGroup(EmbeddedCrowdGroupManager.java:144)
    	... 490 more
    Caused by: com.atlassian.crowd.exception.InvalidGroupException: Group already exists
    	at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.addGroup(ApplicationServiceGeneric.java:719)
    	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.addGroup(CrowdServiceImpl.java:421)
    	... 507 more

Please work with your local security team or a specialist security forensics firm for further investigation, and contact Atlassian Support for additional assistance.

**My instance has been compromised, what should I do?**

We strongly recommend involving your local security team for further investigation. If it is determined that your Confluence Server/DC instance has been compromised, our advice is to immediately shut down and disconnect the server from the network/Internet. Also, you may want to immediately shut down any other systems which potentially share a user base or have common username/password combinations with the compromised system.

Before doing anything else you will need to work with your local security team to identify the scope of the breach and your recovery options. If your Confluence instances have been compromised by CVE-2023-22515, threat attackers hold full administrative access and can perform any number of unfettered actions including - but not limited to - exfiltration of content and system credentials, and installation of malicious plugins.

If you believe your Confluence instance was compromised, contact Atlassian Support as Atlassian assistance is required to recover and protect your instance. Please include web server access logs (with the IP address of the attacker) in the data that is provided for further investigation.

**Are other Atlassian products affected by this vulnerability?**

No, they are not affected by CVE-2023-22515. No action is required for other products.

CVE-2023-22515: FAQ for CVE-2023-22515 | Atlassian Support

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

CVE-2020-15306: openexr/CHANGES.md at main · AcademySoftwareFoundation/openexr

Security researcher discovers a non-password-protected database containing over 240,000 records belonging to US-based FinTech bill payment platform Willow…

Security researcher discovers a non-password-protected database containing over 240,000 records belonging to US-based FinTech bill payment platform Willow Pays. The exposed data includes names, emails, credit limits, and internal billing details.

Cybersecurity researcher Jeremiah Fowler recently discovered and reported a publicly accessible database containing over 240,000 records belonging to Willow Pays, a bill payment software company based in Chicago, IL. This database, lacking any password protection or encryption, contained sensitive information such as user names, email addresses, credit limits, and internal billing details.

For your information, Willow Pays is a service that allows users to finance bills and other expenses over four weeks. Customers upload their bills and personal information, and Willow Pays approves or denies the request before facilitating payments.

According to Fowler’s investigation published by Website Planet, this publicly exposed database contained 241,970 records, including “bills, mailing lists, account inconsistencies, repayment schedules, screenshots, settings, and snapshots,” the report read.

The records included names, email addresses, credit limits, and other internal information and a single spreadsheet document contained around 56,864 individuals’ details, who could be active customers, prospects, or blocked accounts.

The extent of any actual data compromise is yet unknown, however, Fowler believes that the exposed information could be exploited by criminals. This could include phishing attacks leveraging real billing data to deceive users, or using the information to gain unauthorized access to other accounts.

Fowler sent a responsible disclosure notice to Willow Pays, which promptly restricted the database from public access. The owner or management of the database is unknown, and the duration of exposure before discovery or if anyone else gained access is unknown.  

This incident highlights the increasing threat of cyberattacks on financial institutions, with Verizon reporting that 95% of data breaches are now financially motivated. Hackread.com recently reported that Czech cybersecurity startup Wultra has raised €3 million to develop post-quantum authentication technology to protect banks and fintech against quantum threats. The investment comes amid this growing global concern over the vulnerability of traditional security methods.

Given the persistent nature of this threat, security experts emphasize the need for financial software providers to implement effective cybersecurity measures, including encrypting sensitive data, regular security audits, and adopting multi-factor authentication. To stay protected from financial fraud online, check out this fraud prevention guide from Hackread.com.

1.  **Israeli fintech firms hit by Cardinal RAT malware**
2.  **Fuel Industry Software Provider Exposes SSNs, PII Data**
3.  **Hackers Exploit Revolut’s Payment System, Stealing $20M**
4.  **Builder.ai Database Exposes 1.29 TB of Unsecured Records**
5.  **Millions of US Voter Data Exposed in 13 Misconfigured Databases**

Fintech Bill Pay Platform “Willow Pays” Exposes Over 240,000 Records

By Deeba Ahmed
Check Point researchers have detailed a new Iranian state-sponsored hacker group called Void Manticore, partnering with Scarred Manticore, another threat group based in Iran's Ministry of Intelligence and Security.
This is a post from HackRead.com Read the original post: Iranian State Hackers Partner Up for Large-Scale Attacks, Report

A Check Point Research (CPR) report reveals that **state-sponsored hackers** and threat actors are employing sophisticated tactics to target organizations and nations, posing a significant threat that demands immediate solutions.

The company focused on Void Manticore, an evolving threat to those opposing Iranian interests. It revealed the complicated tactics they employ to destroy their target, including a complex web of online personas, strategic collaborations, and sophisticated attack methodologies.

Void Manticore is linked to Iran’s Ministry of Intelligence and Security (MOIS) and is known for its destructive wiping attacks and sophisticated influence operations. The actor operates under various online personas, such as “Karma” in Israel and “Homeland Justice” in Albania. 

Their operations are notably influenced by their collaboration with **Scarred Manticore**, another Iranian MOIS-affiliated group. Both engage in a systematic handoff of targets, with Scarred Manticore accessing and exfiltrating data from targeted networks and then transitioning control to Void Manticore. 

“This strategic partnership not only amplifies the scale and impact of their attacks but also poses a formidable challenge for cybersecurity defenders,” Check Point Team noted in the **blog post**.

****Void Manticore Modus Operandi****

Void Manticore’s tactics are straightforward yet effective. Utilizing basic tools, they establish access to target networks and then deploy a range of custom wipers designed for Windows and Linux systems. Some wipers target specific files or file types while others attack the system’s partition table, rendering all data on the disk inaccessible.

Moreover, they engage in manual data destruction activities, including shared drive manipulation, to further amplify the impact of their attacks. They mostly use the CI Wiper, Partition Wipers like the LowEraser, and **the BiBi Wiper**.

Their most recent attacks involved the BiBi Wiper (named after Israeli Prime Minister Benjamin Netanyahu), which can corrupt files and disrupt system functionality. The group has also targeted INSTAT in Albania and multiple Israeli entities.

The Void Manticore and Scarred Manticore connection (Screenshot: CPR)

****How to Stay Safe?****

Void Manticore aims to not just steal but destroy your data and cause chaos. This digital hit-and-run serves as a reminder of the constantly evolving nature of online threats. To protect yourself, stay vigilant by updating software with the latest security patches, be wary of online strangers, and use strong passwords.

1.  Hackers Target Israeli Rocket Alert App Users with Spyware
2.  Iran’s Scarred Manticore Targets Middle East with LIONTAIL Malware
3.  Deadglyph Backdoor Linked to Stealth Falcon APT in the Middle East
4.  Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App
5.  Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

Iranian State Hackers Partner Up for Large-Scale Attacks, Report

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers.

Law enforcement in the United States, United Kingdom, and Australia this week named a Russian national as the person behind LockBitSupp, the pseudonym of the leader of the LockBit ransomware gang that the US says is responsible for extracting $500 million from its victims. Dmitry Yuryevich Khoroshev has been sanctioned and charged with 26 criminal counts in the US, which combined could result in a prison sentence of 185 years. That is, if he’s ever arrested and successfully prosecuted—an extremely rare event for suspects who live in Russia.

Elsewhere in the world of cybercrime, WIRED’s Andy Greenberg interviewed a representative of Cyber Army of Russia, a group of hackers who have targeted water utilities in the US and Europe and are said to have ties to the notorious Russian military hacking unit known as Sandworm. The responses from Cyber Army of Russia were littered with pro-Kremlin talking points—and some curious admissions.

A deputy director of the FBI has urged the agency’s employees to continue to use a massive foreign surveillance database to search for the communications of “US persons,” sparking the ire of privacy and civil liberty advocates who unsuccessfully fought for such searches to require a warrant. Section 702 of the Foreign Intelligence Surveillance Act requires that “targets” of the surveillance program be based outside the US, but the texts, emails, and phone call of people in the US can be included in the 702 database if one of the parties involved in the communication is foreign. An amendment that would have required the FBI to obtain a warrant for 702 searches of US persons failed in a tie vote earlier this year.

Security researchers this week revealed an attack on VPNs that forces some or all of a user’s web traffic to be routed outside the encrypted tunnel, thus negating the entire reason for using a VPN. Dubbed “TunnelVision,” the attack impacts nearly all VPN applications, and the researchers say the attack has been possible since 2022, meaning it’s possible that it’s already been used by malicious actors.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Microsoft has developed an offline generative AI model designed specifically to handle top-secret information for US intelligence agencies, according to _Bloomberg_. This system, based on GPT-4, is isolated from the internet and only accessible through a network exclusive to the US government. William Chappell, Microsoft's chief technology officer for strategic missions and technology, told _Bloomberg_ that, theoretically, around 10,000 individuals could access the system.

Although spy agencies are eager to leverage the capabilities of generative AI, concerns have been raised about the potential unintended leakage of classified information, as these systems typically rely on online cloud services for data processing. However, Microsoft claims that the model it created for the US government is “clean,” meaning it can read files without learning from them, preventing secret information from being integrated into the platform. Bloomberg noted that this marks the first time a major large language model has operated entirely offline.

Sky News reported this week that Britain's Ministry of Defence was the target of a significant cyberattack on its third-party payroll system. On Tuesday, Grant Shapps, the UK defence secretary, informed members of Parliament that payroll records of approximately 270,000 current and former military personnel, including their home addresses, had been accessed in the cyberattack. “State involvement” could not be ruled out, he said.

While the government has not publicly identified a specific country involved, Sky News has reported that the Chinese government is suspected. China’s foreign ministry has denied the allegations, saying in a statement that it “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries.”

The payroll company, Shared Services Connected, had known about the breach for months before reporting it to the government, according to _The Guardian_.

The United States Marine Forces Special Operations Command (MARSOC) is testing robotic dogs that can be armed with artificial-intelligence-enabled gun systems. According to reporting from The War Zone, the manufacturer of the AI gun system, Onyx Industries, confirmed to reporters at a defense conference this week that as many as two of MARSOC’s robot dogs, developed by Ghost Robotics, are equipped with its weapons systems.

In a statement to The War Zone, MARSOC clarified that the robot dogs are “under evaluation” and are not yet being deployed in the field. They noted that weapons are just one possible application for the technology, which could also be used for surveillance and reconnaissance. MARSOC emphasized that they are fully compliant with US Department of Defense policies on autonomous weapons.

The US Marine Corps has previously tested robotic dogs armed with rocket launchers.

Days after a hacker posted to BreachForums offering to sell data from nearly 50 million Dell customers, the company began notifying its customers of a data breach in a company portal. According to the email sent to the people impacted, the leaked data contains names, addresses, and information about purchased hardware. “The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information,” the email to affected customers states.

Microsoft Deploys Generative AI for US Spies

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

NextGen Healthcare

Ranked #1 EHR and PM by Black Book Research

The Electronic Health Records and Practice Management (PM) by NextGen Healthcare were top ranked by independent healthcare analyst firm Black Book Research for the sixth consecutive year. NextGen Healthcare was ranked #1 EHR in 6–10, 11–25 and 26–99 Physician Groups (All Specialties) and #1 PM solution in all Physician Groups with 6–99 providers in the 2023 Ambulatory EHR PM User Survey.

Read More

**What problem can we help you solve?**

**Practice size**

**My biggest challenge is**

Get Started

**Learn more about what we do****Our integrated platform increases productivity, improves financial outcomes, eases information exchange, and enriches the patient experience.**

*   *   Streamline and customize workflows
    *   Improve care team collaboration
    *   Document with Mobile and gain more face time with patients
    *   Stay current with regulatory requirements
    
*   *   Improve patient engagement
    *   Decrease staff time spent on tedious tasks
    *   Deliver care conveniently with telehealth
    *   Enable direct connections with patients
    
*   *   Target higher-risk patients to close gaps in care
    *   Identify patients with potential to impact outcomes
    *   Coordinate care with seamless communication Identify fee-for-service revenue opportunities
    
*   *   Exchange meaningful information securely
    *   Connect disparate systems to any device
    *   Access data from other providers, organizations and EHRs
    *   Support the latest interoperability and align with Meaningful Use
    
*   *   Provide better check-in and billing
    *   Automate charge creation
    *   Ensure clean claims and reduce denials
    *   Monitor performance and gain insights
    

NextGen Office

Small practices

An all-in-one solution to run your practice so you can focus on care. Practice the way you want with an award-winning, cloud-based EHR that includes a practice management platform and a patient portal.

Learn more

NextGen Enterprise

Mid-size to enterprise practices

A powerhouse EHR solution that’s scalable and adaptable to suit your specialty, workflow, and preferences. With robust specialty-specific clinical content, best-in-class practice management, advanced analytics, RCM, Clearinghouse, patient engagement, and mobile documentation, we’ve got you covered.

Learn more

Experience the benefits of one system, one partner

An EHR system that works seamlessly across the entire organization—EHR, practice management (PM), interoperability, patient self-scheduling, virtual visits, check-in, examination, documentation, check-out, billing, etc. is ideal.

Clinical templates for 26 specialties

Designed with all the productivity tools and reporting capabilities providers need, we have pre-built clinical content for 26 specialties to help you achieve better outcomes. Plus, you can configure the templates to your heart’s delight.

A virtual front door

People expect an excellent digital experience to connect with your practice. Our solutions make it easy for your patients to communicate with your practice, schedule appointments, access their medical records, complete forms, and pay their bills.

Care for your community

Manage the care of your community with a powerful population health solution. Our user-friendly population health solutions sync with your EHR, provide risk stratification of your patient population, help identify gaps in care, and support patient outreach.

A Mobile EHR

With a mobile extension of your practice, you give providers an easier way to work, from anywhere. The access enabled by a mobile EHR means you can treat patients anywhere—and all documentation flows into the patient chart automatically.

The right data now

Securely exchange health information and connect disparate systems across a patient’s entire spectrum of care, easily. Better interoperability is defined by capabilities that boost speed, security, cost-effectiveness, and compliance. Get the data you need when and where you need it.

Secure hosting with AWS

Focus on patient care, not IT management. Scalable, cloud-based hosting services can help reduce the burden of health IT maintenance, speed implementations, simplify upgrades, and cut technology costs. Amazon Web Services (AWS) offer world-class security capabilities and system performance.

People are loving NextGen Healthcare

Hear what our clients have to say about us

****Our clients are making healthcare better****

Everything we do is with our clients in mind. Our solutions are driven by our clients’ input, designed with their needs at the center. Every decision we make is to help our clients become more successful, to improve their clinical and financial outcomes, and to strengthen the health of their communities. We are grateful for our clients every day, in every corner of this company.

We needed a solution that offers meaningful insights to support and sustain our growth. An added benefit of this fluid functionality and connectivity is that it streamlines processes for our staff and provides a better work/life balance for our doctors.

CMO Morris Heights Health Center

Related Content

Learn more about NextGen Healthcare solutions

****The results speak for themselves****

Our solutions have garnered many accolades, but we’re most proud of improving the lives of patients and providers. We continue to develop innovations that help make healthcare better for everyone.

Ready to upgrade your practice?

Make the switch to NextGen Healthcare

CVE-2023-37679: NextGen Healthcare

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Drivers Advisory**

**Summary: **

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers may allow escalation of privilege.  Intel is releasing software updates to mitigate these potential vulnerabilities.  
 

**Vulnerability Details:**

CVEID: CVE-2022-36397

Description: Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

Description: Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H  
 

**Affected Products:**

Intel recommends updating Intel® QAT drivers for Linux to version 4.17 or later.

*   Updates are available for download at this location:  
    https://downloadmirror.intel.com/738667/QAT.L.4.18.1-00001.tar.gz

Intel recommends updating Intel® QAT drivers for Windows to version 1.6 or later.

*   Updates are available for download at this location:  
    https://www.intel.com/content/www/us/en/download/19732/intel-quickassist-technology-driver-for-windows-hw-version-1-7.html  
     

**Acknowledgements:**

Intel would like to thank Greg Thomas (CVE-2022-36397) and Marius Gabriel Mihai (CVE-2022-37340) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-37340: INTEL-SA-00751

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Ethernet Controller Administrative Tools Drivers Advisory**

**Summary: **

A potential security vulnerability in some Intel® Ethernet Controller Administrative Tools drivers for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVEID: CVE-2022-27808

Description: Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

**Affected Products:**

Intel® Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2.  
 

**Recommendations:**

Intel recommends updating Intel® Ethernet Controller Administrative Tools drivers for Windows to version 1.5.0.2 or later, which is included for download in the Intel® Administrative Tools for Intel® Network Adapters version 27.6 or later.

Updates are available for download at these locations:

*   Intel® Administrative Tools for Intel® Network Adapters:  
    https://www.intel.sg/content/www/xa/en/download/2593/administrative-tools-for-intel-network-adapters.html.
*   Intel® Ethernet Adapter Complete Driver Pack:  
    https://www.intel.com/content/www/us/en/download/15084/739627/intel-ethernet-adapter-complete-driver-pack.html  
     

**Acknowledgements:**

The issue was found externally.  Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2022-27808) for reporting the issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27808: INTEL-SA-00761

Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® OFU Software Advisory**

**Summary: **

Potential security vulnerabilities in the Intel® One Boot Flash Update (OFU) software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-41784

Description: Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-42465

Description: Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

**Affected Products:**

Intel® OFU software before version 14.1.30.

**Recommendations:**

Intel recommends updating Intel® OFU software to version 14.1.30 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19032/

**Acknowledgements:**

Intel would like to thank Aobo Wang of Chaitin Security Research Lab for reporting CVE-2022-41784.

The following issue CVE-202242465 was found by Intel employees Benny Zeltser and Yehonatan Lusky.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-41784: INTEL-SA-00792

Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® HDMI Firmware Update Tool for NUC Advisory**

**Summary: **

Potential security vulnerabilities in the Intel® HDMI Firmware Update Tool for NUC may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-40971

Description: Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-21162

Description: Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® HDMI Firmware Update Tool for NUC before version 1.79.1.1.

**Recommendations:**

Intel recommends updating the Intel® HDMI Firmware Update Tool for NUC to version 1.79.1.1 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19749/hdmi-firmware-update-tool-for-nuc7i3dn-nuc7i5dn-nuc7i7dn.html

**Acknowledgements:**

Intel would like to thank FalconCorruption (CVE-2022-40971) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Search

lenovo warranty check/lookup | check warranty status | lenovo support us