{"vulnerability": "CVE-2022-3226", "sightings": [{"uuid": "afaefe15-ac5c-4627-82ff-5bd6812fc3d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32267", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32267\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T19:07:27.879Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. https://www.insyde.com/security-pledge/SA-2022046", "creation_timestamp": "2025-04-30T19:13:30.000000Z"}, {"uuid": "91d41f93-ac57-44c8-a2ba-2fd88f0d84bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32266", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14121", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32266\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. 
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T19:08:56.599Z\n\ud83d\udd17 References:\n1. https://www.insyde.com/security-pledge\n2. 
https://www.insyde.com/security-pledge/SA-2022045", "creation_timestamp": "2025-04-30T19:13:28.000000Z"}, {"uuid": "05e78b28-82f8-4a8a-bef1-fb707e1bbb65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3226", "type": "exploited", "source": "https://t.me/true_secator/3794", "content": "Sophos has informed customers that Sophos Firewall version 19.5 fixes several vulnerabilities, including ones that can lead to RCE.\n\nIn addition to fault-tolerance improvements and performance gains, the latest version of Sophos Firewall contains fixes for seven vulnerabilities.\n\nAccording to the bulletin, one of the vulnerabilities fixed in version 19.5 is CVE-2022-3236, which has a critical severity rating.\n\nHowever, the flaw cannot be called new. The company first told customers of its existence in September, when it warned that CVE-2022-3236 had been used in attacks aimed at a limited set of organizations, mostly located in South Asia.\n\nThree vulnerabilities fixed in Sophos Firewall 19.5 have a high severity rating, including CVE-2022-3226, an OS command injection issue that an attacker with administrator privileges can use to execute code via an SSL VPN configuration upload.\n\nCVE-2022-3713 allows an attacker to execute code in the Wi-Fi controller, and the third serious issue, CVE-2022-3696, is in the administrative web interface but is accessible to a hacker with administrator privileges.\n\nThe remaining three vulnerabilities have medium or low severity. They include an XSS issue that allows privilege escalation, and two SQL injection vulnerabilities that expose non-confidential contents of the configuration database.\n\nSome of these bugs were discovered by Sophos itself, while others were disclosed by external researchers as part of Bug Bounty.\n\nAttackers quite often exploit vulnerabilities in Sophos products, and have a significant number of targets to attack, given their accessibility on the Internet.", "creation_timestamp": "2022-12-07T10:30:06.000000Z"}, {"uuid": "36489fd6-cc4b-4a94-b513-ba7ce8bb15e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3226", "type": "seen", "source": "https://t.me/cibsecurity/53773", "content": "\u203c CVE-2022-3226 \u203c\n\nAn OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-01T20:36:51.000000Z"}, {"uuid": "95dec2ff-33b4-4c79-8074-410510bfd0c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32266", "type": "seen", "source": "https://t.me/cibsecurity/52984", "content": "\u203c CVE-2022-32266 \u203c\n\nDMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. 
The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:54:33.000000Z"}, {"uuid": "28b2e032-072a-437c-a49f-3d39b78c0e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32263", "type": "seen", "source": "https://t.me/cibsecurity/46409", "content": "\u203c CVE-2022-32263 \u203c\n\nPexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T02:33:19.000000Z"}, {"uuid": "3e7ec265-a56a-4392-a396-b5a2f2d423a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32269", "type": "seen", "source": "https://t.me/cibsecurity/43797", "content": "\u203c CVE-2022-32269 \u203c\n\nIn Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). 
This leads to arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T12:26:24.000000Z"}, {"uuid": "adba311f-f81b-4dc1-99d2-d8cdaee7eb7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32268", "type": "seen", "source": "https://t.me/cibsecurity/43796", "content": "\u203c CVE-2022-32268 \u203c\n\nStarWind SAN and NAS v0.2 build 1914 allow remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T12:26:24.000000Z"}, {"uuid": "4c7b5cd6-ce87-4fbc-a171-0ea2c6bf3b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32265", "type": "seen", "source": "https://t.me/cibsecurity/43793", "content": "\u203c CVE-2022-32265 \u203c\n\nqDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T12:26:20.000000Z"}, {"uuid": "03083ff7-97ac-4f6b-8b26-ebd75256c331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32260", "type": "seen", "source": "https://t.me/cibsecurity/44372", "content": "\u203c CVE-2022-32260 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. 
An attacker could use these temporary credentials for authentication bypass in certain scenarios.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:11.000000Z"}, {"uuid": "864d7aec-b75b-4d77-a0b4-e249a8817a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32261", "type": "seen", "source": "https://t.me/cibsecurity/44369", "content": "\u203c CVE-2022-32261 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:05.000000Z"}, {"uuid": "f5697464-b43f-4389-9385-3e0b18d2349f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32262", "type": "seen", "source": "https://t.me/cibsecurity/44376", "content": "\u203c CVE-2022-32262 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:17.000000Z"}]}