{"vulnerability": "CVE-2022-20345", "sightings": [{"uuid": "84be5dd3-ac21-4853-9fbd-176f197cc2c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20345", "type": "seen", "source": "https://t.me/cibsecurity/47890", "content": "\u203c CVE-2022-20345 \u203c\n\nIn l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:13.000000Z"}, {"uuid": "3a8d38ce-6fa5-408d-b49e-479c785d2176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20345", "type": "seen", "source": "https://t.me/TopCyberTechNews/83", "content": "Top Security News for 04/08/2022\n\nISC Stormcast For Thursday, August 4th, 2022 https://isc.sans.edu/podcastdetail.html?id=8116, (Thu, Aug 4th)\nhttps://malware.news/t/isc-stormcast-for-thursday-august-4th-2022-https-isc-sans-edu-podcastdetail-html-id-8116-thu-aug-4th/62369/1 \n\nNEW 'Off The Hook' ONLINE\nhttps://www.2600.com/hook/03-08-2022 \n\nResearchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users\nhttps://thehackernews.com/2022/08/researchers-warns-of-large-scale-aitm.html \n\nISC StormCast for Thursday, August 4th, 2022\nhttps://isc.sans.edu/podcastdetail.html?id=8116 \n\nHow to detect Brute Ratel C2 (beacons &amp; server deployments)\nhttps://www.reddit.com/r/netsec/comments/wf1kbn/how_to_detect_brute_ratel_c2_beacons_server/ \n\nIcedID leverages PrivateLoader\nhttps://malware.news/t/icedid-leverages-privateloader/62370/1 \n\nOld Men Confused Gen Z Isn\u2019t Making TikToks About Assassination of al-Zawahri\nhttps://www.vice.com/en_us/article/k7bbxw/old-men-confused-gen-z-isnt-making-tiktoks-about-assassination-of-al-zawahri \n\nVirusTotal Reveals Most Impersonated Software in Malware Attacks\nhttps://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html \n\nGoogle fixed Critical Remote Code Execution flaw in Android\nhttps://securityaffairs.co/wordpress/133956/security/android-critical-flaw-cve-2022-20345.html \n\nHow to protect yourself and your kids against device theft\nhttps://blog.malwarebytes.com/awareness/2022/08/how-to-protect-yourself-and-your-kids-against-device-theft/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-08-04T07:00:05.000000Z"}, {"uuid": "b9f6630e-ee9e-4adb-8ef0-09f97bc003d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20345", "type": "seen", "source": "https://t.me/poxek/2320", "content": "CVE-2022-20345\n\nIn l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481", "creation_timestamp": "2022-08-20T17:00:04.000000Z"}, {"uuid": "69b508ff-eb4d-4c72-b58b-5e95d5add9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20345", "type": "seen", "source": "https://t.me/true_secator/3248", "content": "\u034fGoogle \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Android, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0449\u0443\u044e RCE \u0447\u0435\u0440\u0435\u0437 Bluetooth.\n\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u0438\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u041e\u0421 Android \u0437\u0430\u043a\u0440\u044b\u0442\u043e \u0442\u0440\u0438 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2022-20345, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442.\u00a0\u041e\u043d \u0431\u044b\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 Android 12 \u0438 12L.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Google, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 Bluetooth-\u0430\u0442\u0430\u043a\u0443.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u0441\u044f.\n\n\u0412\u0441\u0435\u043c \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c\u00a0\u043e\u0448\u0438\u0431\u043a\u0430\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\u00a0\u041e\u043d\u0438 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 Framework, Media Framework, System, Kernel, Imagination Technologies, MediaTek, Unisoc \u0438\u00a0\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b\u00a0Qualcomm. \u041c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043d\u0438\u0445 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u0438\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0443\u0440\u043e\u0432\u043d\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u00ab2022-08-01\u00bb \u0438 \u00ab2022-08-05\u00bb.\u00a0\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0433\u0438\u0433\u0430\u043d\u0442 \u0441\u043e\u0432\u0435\u0442\u0443\u0435\u0442 \u043f\u0430\u0440\u0442\u043d\u0435\u0440\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c, \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044f \u0432\u0441\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u043e\u0434\u043d\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438.\n\n\u0412 \u0441\u0432\u043e\u0438\u0445\u00a0\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Pixel\u00a0Google \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 40 \u0434\u044b\u0440 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 RCE, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043c\u043e\u0434\u0435\u043c\u0430.\u00a0\u0422\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u2014 \u0443\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u0435.\n\nSamsung \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u00a0\u0434\u043b\u044f \u0441\u0432\u043e\u0438\u0445 \u0444\u043b\u0430\u0433\u043c\u0430\u043d\u0441\u043a\u0438\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u044f\u0434\u0440\u0430 Android, \u0430 \u0442\u0430\u043a\u0436\u0435 20 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c \u041f\u041e.", "creation_timestamp": "2022-08-03T13:20:04.000000Z"}]}