{"vulnerability": "CVE-2022-3397", "sightings": [{"uuid": "75ebb480-db36-4915-baa5-862e74fe4fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33973", "type": "seen", "source": "Telegram/WETuIXvOYXKpNYvve4RpUhp5sdmFcZPiISIcExvhQViljHj7", "content": "", "creation_timestamp": "2025-01-30T02:17:49.000000Z"}, {"uuid": "aab4685b-1a90-4120-8ed6-b6a6a461a5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33972", "type": "seen", "source": "https://t.me/true_secator/4077", "content": "Intel \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u0434\u043b\u044f 10 \u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443.\n\nCVE-2021-39296 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u043e\u0439 (BMC) \u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 OpenBMC \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445 Intel, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 netipmid (IPMI lan+).\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u0434\u043e\u0441\u0442\u0443\u043f \u043a BMC \u0432 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 IPMI.\n\n\u0412 BMC \u0438 OpenBMC \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0435\u0449\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0447\u0442\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\nIntel \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0438, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 Integrated BMC 2.86, 2.09 \u0438 2.78, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 OpenBMC 0.72, wht-1.01-61 \u0438 egs-0.91-179.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u0441\u043d\u0443\u043b\u0438\u0441\u044c \u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Xeon \u0441 SGX (CVE-2022-33196), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0435\u0448\u0435\u043d\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c BIOS \u0438 \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u0434\u0430.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2022-21216) \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Atom \u0438 Xeon, \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u0434\u0430 \u0434\u043b\u044f Xeon, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 CVE-2022-33972 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0439), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043e\u0431\u044a\u044f\u0432\u0438\u043b \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 BIOS \u0438 \u043c\u043e\u0434\u0443\u043b\u044f\u0445 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 (SINIT) Trusted Execution Technology (TXT) \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 (ACM) \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u041f\u041e Driver Support Assistant (DSA), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u0430\u0433\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 \u0441\u0440\u043e\u043a\u0430 \u0441\u043b\u0443\u0436\u0431\u044b \u0431\u0430\u0442\u0430\u0440\u0435\u0438, oneAPI, SUR, \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 Server Platform Services (SPS), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u041f\u041e Quartus Prime Pro \u0438 Standard.\n\n\u0412 SDK FPGA \u0434\u043b\u044f \u041f\u041e OpenCL Quartus Prime Pro, Integrated Sensor Solution, Media Software Development Kit (SDK), Trace Analyzer and Collector \u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u0445 Xe MAX \u0434\u043b\u044f Windows \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435\u00a0\u0446\u0435\u043d\u0442\u0440\u0435\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Intel.", "creation_timestamp": "2023-02-16T16:30:08.000000Z"}, {"uuid": "5b5d2439-205d-4be5-9f95-33cf3ae2c64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33978", "type": "seen", "source": "https://t.me/cibsecurity/51129", "content": "\u203c CVE-2022-33978 \u203c\n\nReflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T20:26:02.000000Z"}, {"uuid": "0a4cddda-25bf-4f97-a3d2-622e766b6cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33970", "type": "seen", "source": "https://t.me/cibsecurity/47070", "content": "\u203c CVE-2022-33970 \u203c\n\nAuthenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:37.000000Z"}, {"uuid": "a620e947-6f05-4beb-bcd5-9e34e4ac0aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33971", "type": "seen", "source": "https://t.me/cibsecurity/45552", "content": "\u203c CVE-2022-33971 \u203c\n\nAuthentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-04T13:01:27.000000Z"}]}