{"vulnerability": "cve-2022-2447", "sightings": [{"uuid": "ee5b9ad5-a14d-48c4-aa56-6bc945619ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24470", "type": "seen", "source": "https://t.me/cibsecurity/38596", "content": "\u203c CVE-2022-24517 \u203c\n\nAzure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T20:17:58.000000Z"}, {"uuid": "4f7636ff-5be4-4e2c-9dd5-c43573608e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24477", "type": "published-proof-of-concept", "source": "https://t.me/avleonovrus/79", "content": "Hello everyone! In this episode, let\u2019s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.\n\nThere were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.\n\nThere was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let\u2019s take a closer look.\n\n01:02 MSDT RCE DogWalk CVE-2022-34713\n02:38 3 Microsoft Exchange EOPs  (CVE-2022-21980, CVE-2022-24516, CVE-2022-24477)\n04:23 13 potentially dangerous vulnerabilities (PPP, SSTP, SMB,  Visual Studio, AD, NFS, Print Spooler) \n11:06 2 funny vulnerabilities (Edge CVE-2022-2623, Outlook CVE-2022-35742)\n12:46 3 mysterious vulnerabilities (CryptoPro, Eurosoft, New Horizon Data Systems)\n\nVideo:  https://youtu.be/gSC8ExHUtt8\nVideo2 (for Russia): https://vk.com/video-149273431_456239098\nBlogpost: https://avleonov.com/2022/08/23/microsoft-patch-tuesday-august-2022-dogwalk-exchange-eops-13-potentially-dangerous-2-funny-3-mysterious-vulnerabilities/\nFull report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2022_report_with_comments_ext_img.html\n\n#microsoft #patchtuesday\n\n@avleonovcom", "creation_timestamp": "2022-08-29T20:46:30.000000Z"}, {"uuid": "a5b5a054-19f0-4aaa-8fcd-20e7a00d0e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2447", "type": "seen", "source": "https://t.me/cibsecurity/49208", "content": "\u203c CVE-2022-2447 \u203c\n\nA flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:35.000000Z"}, {"uuid": "cf0f2290-5dc2-4505-a095-84cf2629e866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24473", "type": "seen", "source": "https://t.me/cibsecurity/40927", "content": "\u203c CVE-2022-24473 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T22:26:44.000000Z"}, {"uuid": "971f0839-20de-48ab-bfe8-c4b063770565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24479", "type": "seen", "source": "https://t.me/cibsecurity/40959", "content": "\u203c CVE-2022-24479 \u203c\n\nConnected User Experiences and Telemetry Elevation of Privilege Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T22:34:09.000000Z"}, {"uuid": "33671879-0bb4-4b77-8d0f-27f1c5420396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24472", "type": "seen", "source": "https://t.me/cibsecurity/40908", "content": "\u203c CVE-2022-24472 \u203c\n\nMicrosoft SharePoint Server Spoofing Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T22:20:37.000000Z"}, {"uuid": "117917f8-d276-48bb-9f2a-1b98882c2495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24471", "type": "seen", "source": "https://t.me/cibsecurity/38596", "content": "\u203c CVE-2022-24517 \u203c\n\nAzure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T20:17:58.000000Z"}, {"uuid": "d9385065-f6e8-4c7c-9aeb-976605a91cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24475", "type": "seen", "source": "https://t.me/cibsecurity/40215", "content": "\u203c CVE-2022-26895 \u203c\n\nMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T00:29:20.000000Z"}, {"uuid": "c9700149-4026-4bba-be8a-59bc9f999a5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24475", "type": "seen", "source": "https://t.me/cibsecurity/40202", "content": "\u203c CVE-2022-24475 \u203c\n\nMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T00:29:04.000000Z"}]}