{"vulnerability": "CVE-2022-2467", "sightings": [{"uuid": "979f6d92-1c33-4af0-b26a-ef68ead292e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24670", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15814", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24670\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\ud83d\udd39 Description: An attacker can use the unrestricted LDAP queries to determine configuration entries\n\ud83d\udccf Published: 2022-10-27T16:53:00.019Z\n\ud83d\udccf Modified: 2025-05-09T19:17:19.956Z\n\ud83d\udd17 References:\n1. https://backstage.forgerock.com/knowledge/kb/article/a90639318\n2. https://backstage.forgerock.com/downloads/browse/am/featured", "creation_timestamp": "2025-05-09T19:26:08.000000Z"}, {"uuid": "b6c3c574-b0a3-4efe-a5f0-f5624ebad910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24674", "type": "seen", "source": "https://t.me/cibsecurity/60922", "content": "\u203c CVE-2022-24674 \u203c\n\nThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T22:39:59.000000Z"}, {"uuid": "d12701ca-339e-4ed5-b72b-896c2c611984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24672", "type": "seen", "source": "https://t.me/cibsecurity/60917", "content": "\u203c CVE-2022-24672 \u203c\n\nThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T22:39:52.000000Z"}, {"uuid": "2cde44c7-8edc-4dc1-9d6d-403a9d062093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24670", "type": "seen", "source": "https://t.me/cibsecurity/52163", "content": "\u203c CVE-2022-24670 \u203c\n\nAn attacker can use the unrestricted LDAP queries to determine configuration entries\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T20:33:31.000000Z"}, {"uuid": "19be79b4-7bbd-4a07-9c65-dc1d7fc34406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2467", "type": "seen", "source": "https://t.me/cibsecurity/46532", "content": "\u203c CVE-2022-2467 \u203c\n\nA vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T14:40:31.000000Z"}, {"uuid": "b46ee565-65b7-4f29-b46b-5ba418a14e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24677", "type": "seen", "source": "https://t.me/cibsecurity/37041", "content": "\u203c CVE-2022-24677 \u203c\n\nAdmin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T02:12:19.000000Z"}, {"uuid": "870931cd-0844-4795-b19c-7c1ffb1d22d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24676", "type": "seen", "source": "https://t.me/cibsecurity/37037", "content": "\u203c CVE-2022-24676 \u203c\n\nupdate_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T02:12:14.000000Z"}, {"uuid": "54a13b5d-bea1-4ffe-9d64-2edecefeb271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24673", "type": "published-proof-of-concept", "source": "https://t.me/cultofwire/1099", "content": "Your printer is not your printer! \u0420\u0430\u0439\u0442\u0430\u043f\u044b \u043e\u0442 Devcore \u0441 Pwn2Own \u0432 \u0434\u0432\u0443\u0445 \u0447\u0430\u0441\u0442\u044f\u0445. \n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043b\u0435\u0442 \u043f\u0440\u0438\u043d\u0442\u0435\u0440 \u0441\u0442\u0430\u043b \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0438\u043d\u0442\u0440\u0430\u0441\u0435\u0442\u0438, \u0438 \u0435\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0442\u0430\u043a\u0436\u0435 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0438\u0441\u044c. \u0414\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0435\u0447\u0430\u0442\u044c \u0438\u043b\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0444\u0430\u043a\u0441\u043e\u0432, \u043d\u043e \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u043f\u0435\u0447\u0430\u0442\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 AirPrint. \u041f\u0440\u044f\u043c\u0430\u044f \u043f\u0435\u0447\u0430\u0442\u044c \u0441 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0441\u0442\u0430\u043b\u0430 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432 \u044d\u043f\u043e\u0445\u0443 IoT. \u0418\u0445 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0435\u0433\u043e \u0434\u043b\u044f \u043f\u0435\u0447\u0430\u0442\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0434\u0435\u043b\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 \u0435\u0449\u0435 \u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u043c \u0437\u0430\u043d\u044f\u0442\u0438\u0435\u043c.\n\n\u041d\u043e \u0447\u0435\u043c \u0441\u043b\u043e\u0436\u043d\u0435\u0439 \u0438 \u0443\u043c\u043d\u0435\u0439 \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u044b \u0438 \u041c\u0424\u0423, \u0442\u0435\u043c \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c.\n\n\u0412 \u043f\u0440\u0438\u0446\u0435\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u043f\u0430\u043b\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u044b:\n- HP Color LaserJet Pro M479fdw\n- Lexmark MC3224i\n- Canon imageCLASS MF743Cdw\n\n\u0412 2021 \u0433\u043e\u0434\u0443 \u0440\u0435\u0431\u044f\u0442\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 RCE (CVE-2022-24673 \u0438 CVE-2022-3942) \u0432 \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u0430\u0445 Canon \u0438 HP, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2021-44734) \u0432 Lexmark. \u041e\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw \u0438 Lexmark MC3224i \u043d\u0430 Pwn2Own Austin 2021. \n\n\u0421\u0442\u0430\u0442\u044c\u0438 \u0432 \u0438\u0445 \u0431\u043b\u043e\u0433\u0435:\n- Your printer is not your printer! - Hacking Printers at Pwn2Own Part I \n- Your printer is not your printer! - Hacking Printers at Pwn2Own Part II", "creation_timestamp": "2023-11-09T13:12:24.000000Z"}]}