An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.

**TFTPlunder: an exploit for CVE-2023-29930**

This is an exploit script for a blind file read / write vulnerability in the Genesys (formerly InIn) TFTP provisioning server.

**Vulnerability info**

This vulnerability is due to unrestricted configuration options for the TFTP root path and file extensions. In other words, from the Admin interface, you can change the TFTP to any directory at all and upload or download whatever files you want.

(Note however that TFTP as a protocol does not allow for file listing, which is what makes this a _Blind_ file read vulnerability.)

It is particularly compounded by the fact that the server by default uses hardcoded known credentials and does not force the user to change them.

Classification-wise, it has aspects of the following CWEs:

*   CWE-22: Improper Limitation of a Pathname to a Restricted Directory
*   CWE-434: Unrestricted Upload of File with Dangerous Type
*   CWE-522: Insufficiently Protected Credentials

All known versions to date are vulnerable.

**Mitigation**

The best mitigation for now is simply to update the Admin credentials to the TFTP configuration server.

**Using this exploit**

I'd recommend using this with either a Jupyer notebook or the Python REPL loop, or for more advanced use cases, writing your own script and importing this file. Just import the main python file, instantiate the class, and call get\_file and put\_file as you please.

    $ python3
    >>> from tftplunder import TFTPlunder
    >>> tp=TFTPlunder("example.com")
    >>> tp.get_file("C:/Windows/Panther/Unattended.xml")
    >>> tp.get_file("C:/ProgramData/ntuser.pol")
    
    

etcetera

hint: see https://github.com/jtpereyda/regpol for help decoding ntuser.pol

and see lists such as https://github.com/soffensive/windowsblindread/blob/master/windows-files.txt for examples of other files to try.

CVE-2023-29930: GitHub - YSaxon/TFTPlunder: Exploit for CVE-2023-29930: blind file read/write in Genesys TFTP provisioning server configuration

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.
The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
Akamai security

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.

The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange

servers with the March update omit the vulnerable feature.

"An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server," Barnea said in a report shared with The Hacker News.

"This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction."

It's also worth noting that CVE-2023-29324 is a bypass for a fix Microsoft put in place in March 2023 to resolve CVE-2023-23397, a critical privilege escalation flaw in Outlook that the company said has been exploited by Russian threat actors in attacks aimed at European entities since April 2022.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

Akamai said the issue stems from complex handling of paths in Windows, thereby allowing a threat actor to craft a malicious URL that can sidestep internet security zone checks.

"This vulnerability is yet another example of patch scrutinizing leading to new vulnerabilities and bypasses," Barnea said. "It is a zero-click media parsing attack surface that could potentially contain critical memory corruption vulnerabilities."

In order to stay fully protected, Microsoft is further recommending users to install Internet Explorer Cumulative updates to address vulnerabilities in the MSHTML platform and scripting engine.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Advisory**

Intel ID:

INTEL-SA-00778

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

HIGH

Original release:

05/09/2023

Last revised:

05/09/2023

**Summary:**

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers for Windows may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-41699

Description: Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

  
CVEID: CVE-2022-40972

Description: Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

Description: Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

Description: Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

**Affected Products:**

Intel® QAT drivers for Windows before version 1.9.0.

**Recommendations:**

Intel recommends updating Intel® QAT drivers for Windows to version 1.9.0 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19732

**Acknowledgements:**

Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2022-41771, CVE-2022-41699, CVE-2022-41621) and Falcon Corruption @falconCorrup (CVE-2022-40972) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-41771: INTEL-SA-00778

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Unite® Client Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® Unite® Client software for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-33963

Description: Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Unite® Client software for Windows before version 4.2.34870.

**Recommendations:**

Intel recommends updating the Intel® Unite® Client software for Windows to version 4.2.34870 or later.

Updates are available for download at these locations:

https://www.intel.com/content/www/us/en/download/18371/intel-unite-app.html

**Acknowledgements:**

Intel would like to thank Amin saidani for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33963: INTEL-SA-00782

Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Driver Advisory**

Intel ID:

INTEL-SA-00809

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

05/09/2023

Last revised:

05/09/2023

**Summary: **

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21804

Description: Out-of-bounds write in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-21239

Description: Out-of-bounds read in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-41808

Description: Improper buffer restriction in software for the Intel® QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

**Windows:**

The Intel® QAT Driver for Windows before version 1.9.0-0008.

**Linux:**

The Intel® QAT Driver for Linux before version 1.7.l.4.12.

**Recommendations:**

**Windows:**

Intel recommends updating Intel® QAT Driver for Windows to version 1.9.0-0008 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19732

**Linux:**

Intel recommends updating Intel® QAT Driver for Linux to version 1.7.l.4.12 or later.

Updates are available for download at this location:

https://01.org/sites/default/files/downloads/qat1.7.l.4.12.0-00011.tar.gz

**Acknowledgements:**

Intel would like to thank Zimi of Alibaba Orion Security Lab (CVE-2022-21804 and CVE-2022-21229) for reporting these issues.

The following issue (CVE-2022-41808) was found internally by an Intel employee.  Intel would like to thank Lukasz Odzioba.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21239: INTEL-SA-00809

Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC BIOS Update Software Advisory**

**Summary: **

A potential security vulnerability in some Intel® NUC Chaco Canyon BIOS update software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-38101

Description: Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® NUC 8 Rugged Kit NUC8CCHKR.

Intel® NUC Board NUC8CCHB.

**Recommendations:**

Intel recommends updating Intel® NUC Chaco Canyon BIOS update software to version iFlashV Windows 5.13.00.2105 or later.

Updates are available for download at these locations:

https://downloadmirror.intel.com/646815/iFlashV.zip

https://www.intel.com/content/www/us/en/download/19504

**Acknowledgements:**

Intel would like to thank Amin for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-38101: INTEL-SA-00780

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC Laptop Element Software Advisory**

**Summary: **

Potential security vulnerabilities in some Intel® NUC Laptop Element software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-41687

Description:  Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-41628

Description: Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2023-27382

Description: Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® NUC P14E Laptop Element software.

**Recommendations:**

Intel recommends updating the Intel® NUC P14E Laptop Element software to the latest versions. Updates are available for download at these locations:

Intel recommends updating the Audio Install Package for Windows® 10 for some Intel® NUC P14E Laptop Element software to version 1.0.0.156 or later. https://www.intel.com/content/www/us/en/download/19823/audio-install-package-for-windows-10-for-intel-nuc-p14e-laptop-element.html

Intel recommends updating the HotKey Services for Windows® 10 for some Intel® NUC P14E Laptop Element software to version 1.1.44 or later.

https://www.intel.com/content/www/us/en/download/19822/hotkey-services-for-windows-10-for-intel-nuc-p14e-laptop-element.html

**Acknowledgements:**

These issues where found externally.

Intel would like to thank FalconCorruption (CVE-2022-41628, CVE-2023-27382) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2023-27382: INTEL-SA-00802

The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.

Ukrainian networks have been on the receiving end of grimly sophisticated and innovative cyberattacks from pRussia for nearly a decade, and Ukraine has increasingly struck back, particularly since the Kremlin's invasion last year. Amidst all of this and activity from other governments and hacktivists, researchers from the security firm Malwarebytes say that they've been tracking a new hacking group that has been conducting espionage operations since 2020 against both pro-Ukraine targets in central Ukraine and pro-Russia targets in eastern Ukraine. 

Malwarebytes attributes five operations between 2020 and the present to the group, which it has dubbed Red Stinger, though the researchers only have insights into two of the campaigns conducted in the past year. The group's motives and allegiance aren't yet clear, but the digital campaigns are noteworthy for their persistence, aggressiveness, and lack of ties to other known actors.

The campaign that Malwarebytes calls “Operation Four” targeted a member of Ukraine's military who works on Ukrainian critical infrastructure, as well as other individuals whose potential intelligence value is less obvious. During this campaign, attackers compromised victims' devices to exfiltrate screenshots and documents, and even record audio from their microphones. In Operation Five, the group targeted multiple election officials running Russian referendums in disputed cities in Ukraine, including Donetsk and Mariupol. One target was an adviser to Russia's Central Election Commission, and another works on transportation—possibly railroad infrastructure—in the region.

“We were surprised about how big these targeted operations were, and they were able to gather a lot of information,” says Roberto Santos, a threat intelligence researcher at Malwarebytes. Santos collaborated on the investigation with former colleague Hossein Jazi, who first identified Red Stinger activity. “We have seen past targeted surveillance, but the fact that they were collecting real microphone recordings from victims and data from USB drives, it's unusual to see.”

Researchers from the security firm Kaspersky first published about Operation 5 in late March, naming the group behind it Bad Magic. Kaspersky similarly saw the group focusing on government and transportation targets in eastern Ukraine, along with agricultural targets.

“The malware and techniques used in this campaign are not particularly sophisticated, but are effective, and the code has no direct relation to any known campaigns,” Kaspersky researchers wrote.

The campaigns begin with phishing attacks to distribute malicious links that lead to tainted ZIP files, malicious documents, and special Windows linking files. From there, attackers deploy basic scripts to act as a backdoor and a loader for malware. The Malwarebytes researchers note that Red Stinger seems to have developed its own hacking tools and reuses characteristic scripts and infrastructure, including specific malicious URL generators and IP addresses. The researchers were able to expand their understanding of the group's operations after discovering two victims who appear to have infected themselves with Red Stinger malware while testing it.

“It's happened in the past with different attackers that they infect themselves,” Santos says. “I think they just got lazy because they were undetected since 2020.”

Red Stinger appears to be currently active. With details about its operations now entering the public sphere, the group may tweak its methods and tools in an attempt to evade detection. The Malwarebytes researchers say that by releasing information about the group's activities, they hope other organizations will deploy detections for Red Stinger operations and search their own telemetry for additional indications of what the hackers have done in the past and who is behind the group.

A Mysterious New Hacker Group, Red Stinger, Is Lurking in Ukraine’s Cyberspace

The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia's Federal Security Service (FSB).
Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear,

The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as **Snake** wielded by Russia's Federal Security Service (FSB).

Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug), which the U.S. government attributes to a unit within Center 16 of the FSB.

The threat actor has a track record of heavily focusing on entities in Europe, the Commonwealth of Independent States (CIS), and countries affiliated with NATO, with recent activity expanding its footprint to incorporate Middle Eastern nations deemed a threat to countries supported by Russia in the region.

"For nearly 20 years, this unit \[...\] has used versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries, which have belonged to North Atlantic Treaty Organization (NATO) member governments, journalists, and other targets of interest to the Russian Federation," the Justice Department said.

"After stealing these documents, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the United States and around the world."

The neutralization was orchestrated as part of an effort dubbed Operation MEDUSA by means of a tool created by the U.S. Federal Bureau of Investigation (FBI) codenamed PERSEUS that permitted the authorities to issue commands to the malware that caused it to "overwrite its own vital components" on infected machines.

The self-destruct instructions, engineered after decrypting and decoding the malware's network communications, caused the "Snake implant to disable itself without affecting the host computer or legitimate applications on the computer," the agency said.

Snake, according to an advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is designed as a covert tool for long-term intelligence collection on high-priority targets, enabling the adversary to create a peer-to-peer (P2P) network of compromised systems across the world.

What's more, several systems in the P2P network served as relay nodes to route disguised operational traffic to and from Snake malware implanted on FSB's ultimate targets, making the activity challenging to detect.

The C-based cross-platform malware further employs custom communication methods to add a new layer of stealth and features a modular architecture that allows for an efficient way to inject or modify components to augment its capabilities and retain persistent access to valuable information.

"Snake demonstrates careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity," CISA said, adding initial versions of the implant were developed around early 2004.

"The name Uroburos is appropriate, as the FSB cycled it through nearly constant stages of upgrade and redevelopment."

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

Infrastructure associated with the Kremlin-backed group has been identified in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, although its targeting is assessed to be more tactical, encompassing government networks, research facilities, and journalists.

Victimized sectors within the U.S. include education, small businesses, and media organizations, as well as critical infrastructure sectors such as government facilities, financial services, critical manufacturing, and communications.

Despite these setbacks, Turla remains an active and formidable adversary, unleashing an array of tactics and tools to breach its targets across Windows, macOS, Linux, and Android.

The development comes a little over a year after U.S. law enforcement and intelligence agencies disarmed a modular botnet known as Cyclops Blink controlled by another Russian nation-state actor referred to as Sandworm.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

Summary

Zipbomb resource exhaustion in Tentacle (CVE-2022-4008)

Advisory Number

2023-08

Discovery Date

16 Nov 2023

Patch Release Date

04 May 2023

Advisory Release Date

11 May 2023

Product

Octopus Tentacle

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-4008

Customers who have downloaded and installed any of the Octopus Tentacle versions listed below ("Details") are affected.

Please upgrade your Octopus Tentacle immediately to fix this vulnerability.

Customers who have upgraded Octopus Tentacle to version 2023.1.10072 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

The versions of Octopus Tentacle affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x.x, 2019.x.x, 2020.x.x, 2021.x.x versions
*   All 2022.1.x, 2022.2.x versions
*   All 2022.3.x versions before 2022.3.11043
*   All 2022.4.x versions before 2022.4.8401

**Fix**

To address this vulnerability, we have released Octopus Tentacle version:

*   2022.3.11043
*   2022.4.8401

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2023.1.10072). You can download the latest version of Octopus Tentacle from https://octopus.com/downloads

**If you can't upgrade to the latest version (2023.1.10072):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.3.11043 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.3.11043 or greater

2022.1.x, 2022.2.x

2022.3.11043 or greater

2022.3.x

2022.3.11043 or greater

2022.4.x

2022.4.8401 or greater

**Mitigation**

There is no known mitigation for CVE-2022-4008, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

Tag

#windows