In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

All Vulnerability Reports

**CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket**  
**Severity**

Medium

**Vendor**

Spring by VMware

**Description**

A Spring application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

**Affected VMware Products and Versions**

Severity is medium unless otherwise noted.

*   Spring Framework
    *   5.3.0 to 5.3.19
    *   5.2.0 to 5.2.21
    *   Older, unsupported versions are also affected

**Mitigation**

Users of affected versions should apply the following mitigation: 5.3.x users should upgrade to 5.3.20; 5.2.x users should upgrade to 5.2.22. No other steps are necessary. Releases that have fixed this issue include:

*   Spring Framework
    *   5.3.20
    *   5.2.22

**Credit**

This vulnerability was responsibly reported to VMware by David Delbecq and Rémy Vermeiren from HMS Industrial Networks, Business Unit Ewon, R&D Department - Software.

**References**

*   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

**History**

2022-05-11: Initial vulnerability report published.

CVE-2022-22971: CVE-2022-22971 | Security

By Jon Munshaw. 
Welcome to this week’s edition of the Threat Source newsletter. 
Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

_By Jon Munshaw._ 

Welcome to this week’s edition of the Threat Source newsletter. 

Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of World Password Day that it would soon be making MFA compulsory for all users.  

But is it too little, too late? 

Don’t get me wrong, MFA is one of the best first lines of defense for preventing a cyber attack or any other type of network intrusion. It comes up in pretty much every Talos blog post and Talos Takes episode I record.  

However, if we keep pushing off the deadline for making this step mandatory, it only gives attackers more time to catch up to us. Adversaries have already figured out ways to intercept MFA codes that are sent via SMS message, as. I talked about with Wendy Nather last year. 

And on the latest Beers with Talos episode, Nate Pors from Talos Incident Response talked about “prompt bombing” users, essentially annoying them to the point that they click “yes” on an MFA prompt and let a bad guy in.  

By the time MFA becomes mandatory on major sites and for some of our most important accounts on the internet, what other types of attacks will threat actors come up with to get around it. Already, one-time codes are starting to become out-of-fashion in favor of FIDO or certificate-based PKI authentication. Rather than adopting what should have been standard practice several years ago, is it time to start thinking about what the future of MFA is? 

It might be best for us to all look forward to zero-trust as our security future. It’s something the federal government is already looking at, but it goes without saying that things don’t happen quickly within the government at any level.  

In the meantime, everyone should work toward making MFA mandatory as quickly as possible. Yes, it can be a pain, but it will save many future headaches. If you do have MFA already, rely on app push notifications rather than SMS-based authentication. And, as always, user education is important. It should go without saying but tell users that unless they know they initiated an MFA push, they should never click on it. Even if it’s 3 a.m. 

**The one big thing **

The MustangPanda threat actor is breaking with what many would think to be protocol, and recently started targeting Russian organizations. MustangPanda has long thought to be a Chinese state-sponsored actor. Thus far in Russia’s invasion of Ukraine, China has been slow to criticize Russia and hasn’t taken part in many of the Western-backed sanctions levied against Russia over the past few months. This seems to break MustangPanda’s attack pattern, but also illustrates that this longstanding actor isn’t going anywhere.  

> **Why do I care? **
> 
> Over the years, Mustang Panda has evolved their tactics and implants to target a wide range of entities spanning multiple governments in three continents, including the European Union, the U.S., Asia and pseudo allies such as Russia. By using summit- and conference-themed lures in Asia and Europe, this attacker aims to gain as much long-term access as possible to conduct espionage and information theft. 
> 
> **So now what? **We’ll keep following MustangPanda’s choice of targets, especially as a continued wave of big game hunting ransomware attacks continues. They’ve shown that pretty much no one is off limits. We have new Snort rules available to protect users against the download and execution of their signature PlugX malware, plus many other forms of protection against their attacks and known exploits.  

**Other news of note**

A critical vulnerability in F5’s BIG-IP software is being exploited actively in the wild, taking the security community by storm. BIG-IP is a line of appliances that act as load balancers, firewalls, and can inspect and encrypt data going in and out of networks. This particular vulnerability has a severity score of 9.8 out of 10, but what’s more notable is that there are more than 16,000 instances of this software discoverable online, and it’s used by some of the world’s largest companies. This software has a close proximity to network perimeters and often looks at the decrypted version of HTTPS-protected traffic, so if an attacker exploits this, it opens several avenues for further attacks.  (Talos blog, ZDNet, Ars Technica) 

Multiple Western governments publicly blamed Russian state-sponsored actors for launching a cyber attack against an American satellite communications company in the weeks leading up to Russia’s invasion of Ukraine. The E.U., U.K. and U.S. all released separate reports saying attackers hit the European networks belonging to Viasat, just as the invasion started on Feb. 24. A statement from the U.S. State Department said “The activity disabled very small aperture terminals in Ukraine and across Europe” that, “among other things, support wind turbines and provide Internet services to private citizens.” (State Department, NBC News) 

Microsoft released more than 70 vulnerabilities as part of its weekly security update. May’s Patch Tuesday includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. There’s also a vulnerability in the Magnitude Simba Amazon Redshift ODBC Driver that affects the Windows self-hosted integration runtime service. Adobe also issued five security bulletins on Tuesday, covering 18 vulnerabilities across Adobe CloudFusion, InDesign, Character Animator, Framemaker and other software. However, none of these issues have been actively exploited in the wild, according to Adobe. (Talos blog, Adobe) 

**Can’t get enough Talos? **

*   Celebrating 20 years of ClamAV
*   Bitter APT adds Bangladesh to their targets
*   Vulnerability Spotlight: Vulnerability in Alyac antivirus program could stop virus scanning, cause denial of service
*   Talos Incident Response added to German BSI Advanced Persistent Threat response list
*   Threat Roundup for April 29 - May 6

  

**Upcoming events where you can find Talos ****NorthSec 2022 (May 19 – 20, 2022)  
Montreal, Canada ****REcon (June 3 – 5, 2022)  
Montreal, Canada ****RSA 2022 (June 6 – 9, 2022)  
San Francisco, California ****Cisco Live U.S. (June 12 – 16, 2022)  
Las Vegas, Nevada ****Most prevalent malware files from Talos telemetry over the past week  **

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  **MD5:** 93fefc3e88ffb78abb36365fa5cf857c  **Typical Filename:** Wextract    
**Claimed Product:** Internet Explorer    
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg  

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91   **MD5:** 7bdbd180c081fa63ca94f9c22c457376  **Typical Filename:** c0dwjdi6a.dll    
**Claimed Product:** N/A   **Detection Name:** Trojan.GenericKD.33515991  

**SHA 256:** 1b94aaa71618d4ecba665130ae54ef38b17794157123675b24641dc85a379426    
**MD5:** a841c3d335907ba5ec4c2e070be1df53  **Typical Filename:** chip 1-click installer.exe    
**Claimed Product:** chip 1-click installer     
**Detection Name:** Win.Trojan.Generic::ptp.cam  

**SHA 256:** 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa   **MD5:** df11b3105df8d7c70e7b501e210e3cc3   **Typical Filename:** DOC001.exe   **Claimed Product:** N/A     
**Detection Name:** Win.Worm.Coinminer::1201  

**SHA 256:** e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c  **MD5:** a087b2e6ec57b08c0d0750c60f96a74c  **Typical Filename:** AAct.exe    
**Claimed Product:** N/A    **Detection Name:** PUA.Win.Tool.Kmsauto::1201

Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late? 

Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Optane SSD Firmware Advisory**

Intel ID:

INTEL-SA-00563

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

05/10/2022

Last revised:

05/10/2022

**Summary: **

Potential security vulnerabilities in some Intel® Optane™ SSD and Intel® Optane™ SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware updates and prescriptive guidance to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-33078

Description: Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2021-33077

Description: Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2021-33080

Description: Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2021-33074

Description: Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2021-33069

Description: Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2021-33075

Description: Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2021-33083

Description: Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2021-33082

Description: Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 5.3 Medium

CVSS Vector:  CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**

Effective December 29th, 2021, the following products continue being supported by Intel Corporation:

Intel® Optane™ SSD DC D4800X Series all versions.

Intel® Optane™ SSD DC P4800X/P4801X Series before version E2010600.

Intel® Optane™ SSD P5800X Series before version L3010200.

Intel® Optane™ SSD 905P/900P Series all versions.

Intel® Optane Memory H10 with Solid State Storage Series all versions.

Intel® Optane Memory H20 with Solid State Storage Series all versions.

For affected Intel® SSD or Intel® SSD DC NAND products, Intel recommends customers consult the security advisory published at https://www.solidigmtechnology.com/en/support.html or contact Solidigm™ technology at security@solidigmtechnology.com.

**Recommendations:**

**Product Family**

**Mitigated Version or higher**

Intel® Optane™ SSD DC D4800X Series

Consult prescriptive guidance

Intel® Optane™ SSD DC P4800X/P4801X Series

E2010600

Intel® Optane™ SSD P5800X Series

L0310200

Intel® Optane™ Memory H20 with Solid State Storage

PGF028K

Consult prescriptive guidance

Intel® Optane™ Memory H10 with Solid State Storage

TGF061K

Intel® Optane™ SSD 905P/900P Series

FW600

Prescriptive guidance for CVE-2021-33082: A possible workaround is to use one of the following commands listed below instead of the Sanitize command with Block Erase operation:

*   NVMe Sanitize command, Crypto Erase (SANACT=04h) or
*   NVMe Format NVM command, User Data Erase or Crypto Erase (SES=01h or SES=02h)

Check the Identify Controller Data Structure below, for capability your drive supports in lieu of sanitize erase feature:

*   Sanitize command, Crypto Erase (offset 331:328, SANICAP bit 00h) and
*   NVMe Format NVM command (offset 257:256, OACS bit 01h)

Updates are available for download at this location: https://www.intel.com/content/www/us/en/support/products/35125/memory-and-storage.html#support-product-selector  

**Acknowledgements:**

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33078: INTEL-SA-00563

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.

**Summary**

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.

**Tested Versions**

ESTsoft Alyac 2.5.7.7

**Product URLs**

Alyac - https://www.estsecurity.com/public/product/alyac

**CVSSv3 Score**

5.0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

**CWE**

CWE-823 - Use of Out-of-range Pointer Offset

**Details**

Alyac is an antivirus program for Microsoft Windows, developed by ESTsecurity, which is part of ESTsoft.

There exists a vulnerability in a module called coen.aym used by Alyac when scanning PE executable files. Module coen.aym is reponsible for loading different engines and modules for handling archive formats and initiating the scan. the

While parsing the malformed PE executable file, function sub_180086C30 is called. This function tries to locate the section header of .text section by parsing the PE file. At \[1\] below, rax register stores the address of the PE\0\0 signature.

    .text:0000000180086C69 loc_180086C69:                          ; CODE XREF: sub_180086C30+24↑j
    .text:0000000180086C69                                         ; sub_180086C30+2A↑j
    .text:0000000180086C69                 mov     rax, [rdi+10h]                                   [1]
    .text:0000000180086C6D
    .text:0000000180086C6D loc_180086C6D:                          ; DATA XREF: .rdata:0000000180405CAC↓o
    .text:0000000180086C6D                                         ; .rdata:0000000180405CC8↓o ...
    .text:0000000180086C6D                 mov     [rsp+28h+arg_0], rbx
    .text:0000000180086C72                 xor     ebx, ebx
    .text:0000000180086C74                 mov     [rsp+28h+arg_8], rsi
    .text:0000000180086C79                 mov     [rsp+28h+arg_10], r14
    .text:0000000180086C7E                 cmp     bx, [rax+6]     ; Number of sections             [2]
    .text:0000000180086C82                 jnb     short loc_180086CC1
    .text:0000000180086C84                 mov     r14d, ecx
    .text:0000000180086C87                 nop     word ptr [rax+rax+00000000h]
    .text:0000000180086C90
    .text:0000000180086C90 loc_180086C90:                          ; CODE XREF: sub_180086C30+8F↓j
    .text:0000000180086C90                 lea     rcx, [rbx+rbx*4]
    .text:0000000180086C94                 mov     r8, r14         ; MaxCount
    .text:0000000180086C97                 lea     rsi, ds:0[rcx*8]
    .text:0000000180086C9F                 mov     rdx, rbp        ; String2 ".text"
    .text:0000000180086CA2                 mov     rcx, [rdi+18h]  ;                                [3]
    .text:0000000180086CA6                 add     rcx, rsi        ; String1 SectionHeader->Name
    .text:0000000180086CA9                 call    cs:_strnicmp    ; crash!                         [4]
    .text:0000000180086CAF                 test    eax, eax
    .text:0000000180086CB1                 jz      short loc_180086CDD
    .text:0000000180086CB3                 mov     rax, [rdi+10h]
    .text:0000000180086CB7                 inc     ebx
    .text:0000000180086CB9                 movzx   ecx, word ptr [rax+6]                            
    .text:0000000180086CBD                 cmp     ebx, ecx                                         [5]
    .text:0000000180086CBF                 jb      short loc_180086C90
    

Next, it goes into a loop enumerating each section header to find one with the Name field set as .text. Section table, which follows the PE header, is a list of section headers. Each section header has an 8-byte field at offset +0 to store the name.

RBX register is used as the loop counter, which is initialized to 0. It is compared to the NumberOfSections field in the file header (part of PE header) at \[2,5\] so it does not search beyond number of sections. Inside the loop, the offset to the section header is increased by 40 bytes each iteration, which is equal to the size of the section header. The offset is added to RCX register, which stores the location of the section table from \[3\].

While a check is made to make sure only the specified number of section headers is processed, it doesn’t check if the PE executable file is big enough to store the number of section headers as defined in the file header. So if given a large number of section headers without .text section header, the loop will continue reading until it goes out of bounds of file size, which will eventually cause access violation at \[4\]. This leads to a crash of the Alyac scanning process, which effectively neutralizes the antivirus scan.

**Crash Information**

    0:018> k
    # Child-SP          RetAddr               Call Site
    00 00000053`d1c9e3c8 00007ff8`8b286caf     ucrtbase!_ascii_strnicmp+0xe
    01 00000053`d1c9e3d0 00007ff8`8b23f8ba     coen!Coen_Clean+0x72d1f
    02 00000053`d1c9e400 00007ff8`8b27d32c     coen!Coen_Clean+0x2b92a
    03 00000053`d1c9e4c0 00007ff8`8b27cd06     coen!Coen_Clean+0x6939c
    04 00000053`d1c9e770 00007ff8`8b263534     coen!Coen_Clean+0x68d76
    05 00000053`d1c9e910 00007ff8`8b2191c2     coen!Coen_Clean+0x4f5a4
    06 00000053`d1c9ebb0 00007ff8`8b205a50     coen!Coen_Clean+0x5232
    07 00000053`d1c9ed30 00007ff8`8b213a4a     coen+0x5a50
    08 00000053`d1c9ee70 000001eb`7cddd73e     coen!Coen_ScanHandle+0xba
    09 00000053`d1c9eee0 000001eb`7cdc6907     ecm!GetModuleConfigValue+0x64ae
    0a 00000053`d1c9ef90 000001eb`7cdfa88e     ecm+0x56907
    0b 00000053`d1c9f110 000001eb`7cdd69f0     ecm!GetModuleConfigValue+0x235fe
    0c 00000053`d1c9f1f0 00007ff8`d5632a51     ecm!ScanFile+0x40
    0d 00000053`d1c9f230 00007ff8`d564c219     scn+0x32a51
    0e 00000053`d1c9f350 00007ff8`d564b63f     scn!ForceCloseScan+0xebf9
    0f 00000053`d1c9f850 00007ff8`d564ab3d     scn!ForceCloseScan+0xe01f
    10 00000053`d1c9fa70 00007ff8`eb6c6c0c     scn!ForceCloseScan+0xd51d
    11 00000053`d1c9faa0 00007ff8`ec8654e0     ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x4c
    12 00000053`d1c9fad0 00007ff8`edec485b     KERNEL32!BaseThreadInitThunk+0x10
    13 00000053`d1c9fb00 00000000`00000000     ntdll!RtlUserThreadStart+0x2b
    

**Vendor Response**

The product was updated to 2.5.7.7

https://www.estsecurity.com/public/product/alyac

**Timeline**

2022-01-31 - Vendor disclosure  
2022-04-12 - Talos reissued copies of report  
2022-04-29 - Vendor patched  
2022-05-10 - Public Release  

Discovered by Jaewon Min of Cisco Talos.

CVE-2022-21147: TALOS-2022-1452 || Cisco Talos Intelligence Group

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2022.1 IPU - Intel® Xeon® Advisory**

Intel ID:

INTEL-SA-00616

Advisory Category:

Firmware

Impact of vulnerability:

Denial of Service, Information Disclosure

Severity rating:

LOW

Original release:

05/10/2022

Last revised:

05/10/2022

**Summary:**

Potential security vulnerabilities in some Intel® Xeon® Processors may allow information disclosure or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21131

Description: Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2022-21136

Description: Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 2.7 Low

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

**Processor**

**CPU ID**

**CVE**

Intel® Xeon Scalable Processors

50653, 50654

CVE-2022-21131, CVE-2022-21136

Intel® Xeon® D-2100 Processor

50654

CVE-2022-21131, CVE-2022-21136

2nd Generation Intel® Xeon® Scalable Processors

50656, 50657

CVE-2022-21131

Intel® Core™ i9, 79xxX, 78xxX

50654

CVE-2022-21131, CVE-2022-21136

**Recommendations:  
**

Intel recommends that users of Intel® Xeon Processors update to the latest version provided by the system manufacturer that addresses these issues

**Acknowledgements:**

CVE-2022-21136 issue was found internally by Intel employees, CVE-2022-21131was found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21131: INTEL-SA-00616

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® SGX Linux Kernel Drivers Advisory**

**Summary: **

A potential security vulnerability in Intel® SGX Linux kernel drivers may allow denial of service.  Intel is working with the Linux kernel maintainers to create a mitigation.

**Vulnerability Details:**

CVEID: CVE-2021-33135

Description: Uncontrolled resource consumption in the Linux kernel drivers for Intel® SGX may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

**Affected Products:**

Intel® SGX Linux kernel driver from Intel version 2.14 and before.

Linux kernel driver for Intel® SGX from upstream/kernel.org.

**Recommendations:**

Intel® SGX Linux kernel driver mitigation available for download at:

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/linux

Linux community mitigation available for download at kernel.org.

**Acknowledgements:**

This issue was found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33135: INTEL-SA-00603

Red Hat Security Advisory 2022-2232-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Data Grid 8.3.1 security update  
Advisory ID:       RHSA-2022:2232-01  
Product:           Red Hat JBoss Data Grid  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:2232  
Issue date:        2022-05-12  
CVE Names:         CVE-2020-36518 CVE-2021-38153 CVE-2022-0084   
=====================================================================

1. Summary:

An update for Red Hat Data Grid is now available.

 Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution.  
It increases application response times and allows for dramatically  
improving performance while providing availability, reliability, and  
elastic scale.

 Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and  
enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3].

Security Fix(es):

* jackson-databind: denial of service via a large depth of nested objects  
[jdg-8] (CVE-2020-36518)

* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka  
Connect and Clients [jdg-8] (CVE-2021-38153)

* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of  
stderr [jdg-8] (CVE-2022-0084)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

To install this update, do the following:

 1. Download the Data Grid 8.3.1 Server patch from the customer portal[²].  
2. Back up your existing Data Grid installation. You should back up  
databases, configuration files, and so on.  
3. Install the Data Grid 8.3.1 Server patch.  
4. Restart Data Grid to ensure the changes take effect.

For more information about Data Grid 8.3.1, refer to the 8.3.1 Release  
Notes[³]

4. Bugs fixed (https://bugzilla.redhat.com/):

2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects

5. References:

https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-38153  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3  
https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP  
WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt  
c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO  
lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8  
yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6  
/13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0  
8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ  
YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI  
dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO  
XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn  
Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy  
IZnZKy4mPpA=  
=6Kqs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-2232-01

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

**Description**

The Organizr application allows to sending a very long password (10000000 characters) it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing process will result in CPU and memory exhaustion.

**Proof of Concept**

1.Sign up to the application, capture the request in burp suites, and send it to Repeater.

2.Copy the payload from this link:- https://drive.google.com/file/d/11AwLp8Ae1\_eJqGb44W9QJDtPmVw-1RSQ/view?usp=sharing and paste on password parameter and send go.

3.You will see that the application allows long passwords this can leads to Dos and can exploit as DDos

**Video PoC**

    https://drive.google.com/file/d/1V_ZoXRJGkF7XSGdXJ4yPKRtQoxeTDyFe/view?usp=sharing
    

**Impact**

This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

Tag

#dos