Top 10 most interesting CVEs for February 2022

DISCLAIMER!

Attention! All information provided is for informational purposes only. The author does not bear any responsibility for any harm caused by using the information provided.

As the second month of 2022 comes to an end, it’s time to take stock of the most interesting vulnerabilities over the past period.

Foxit PDF Reader & Foxit PDF Editor

Two vulnerabilities were discovered in Foxit Software’s products: CVE-2022-24955 and CVE-2022-24954, both of which have the highest severity rating of 9.8 according to the CVSS 3.1 standard.

1.1) CVE-2022-24955 – Uncontrolled Search Path Element Privilege Escalation

Foxit PDF Reader prior to version 11.2.1 and Foxit PDF Editor prior to version 11.2.1 are affected by an Uncontrolled Search Path Element Privilege Escalation issue, which allows the execution of malicious DLL files. This is because the applications do not specify an absolute path when searching for DLLs.

1.2) CVE-2022-24954 – Stack-Based Buffer Overflow

Foxit PDF Reader prior to version 11.2.1 and Foxit PDF Editor prior to version 11.2.1 are affected by a Stack-Based Buffer Overflow vulnerability, which causes both programs to crash. The crash occurs due to the use of abnormal data without proper validation when processing XFA files containing invalid attribute values in the widget node.

More:

CVE-2022-24955:

1.1.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24955

1.1.2) https://nvd.nist.gov/vuln/detail/CVE-2022-24955

1.1.3) https://www.foxit.com/support/security-bulletins.html

CVE-2022-24954:

1.2.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24954

1.2.2) https://twitter.com/l33d0hyun/status/1487047927415459851

1.2.3) https://www.foxit.com/support/security-bulletins.html

1.2.4) https://nvd.nist.gov/vuln/detail/CVE-2022-24954

StarWind SAN and NAS

Two vulnerabilities were found in StarWind Software’s StarWind SAN and NAS (version 0.2 and build 1633): CVE-2022-24552 and CVE-2022-24551, which are rated 9.8 (critical) and 8.8 (high) points respectively on the CVSS 3.1 scale.

2.1) CVE-2022-24552 – Remote code execution via disk management command in StarWind Products

A remote code execution (RCE) vulnerability has been identified in StarWind SAN and NAS version 0.2 and build 1633 through the disk management command. The virtual disk management REST command does not validate input parameters, and some of them are passed directly to Bash as part of the script. An attacker can inject arbitrary data into a command that will be executed with root privileges.
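The pattern described above, as an added example that is not StarWind's code: a disk management handler that pastes request values into a Bash command line, beside a hardened form that allowlists the operation, validates each field and builds an argument vector. The tool path `vdisk-tool`, the field names `op`, `name`, `size_gb` and the validation limits are assumptions made for illustration.

```python
import re

# Hypothetical names: the product's real helper script and parameters are not on the page.
DISK_TOOL = "/usr/local/bin/vdisk-tool"
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
MAX_SIZE_GB = 65536
# Allowlisted operations and the fields each one requires.
OPERATIONS = {"create": ("name", "size_gb"), "resize": ("name", "size_gb"), "delete": ("name",)}
# Constructed request whose name field carries a shell command separator.
SAMPLE_BAD = {"op": "create", "name": "vol1; echo injected", "size_gb": 10}

def build_unsafe_command(params: dict) -> str:
    """Weak form: request values are pasted into a string meant for `bash -c`."""
    return f"{DISK_TOOL} {params['op']} --name {params['name']} --size {params['size_gb']}G"

def _check_name(value) -> str:
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError("name must be 1-32 characters of [A-Za-z0-9_-]")
    return value

def _check_size(value) -> str:
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= MAX_SIZE_GB:
        raise ValueError("size_gb must be an integer between 1 and MAX_SIZE_GB")
    return f"{value}G"

def build_safe_argv(params: dict) -> list:
    """Hardened form: allowlist the operation, validate every field, return argv."""
    op = params.get("op")
    if not isinstance(op, str) or op not in OPERATIONS:
        raise ValueError("unknown operation")
    unexpected = set(params) - {"op", *OPERATIONS[op]}
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    argv = [DISK_TOOL, op, "--name", _check_name(params.get("name"))]
    if "size_gb" in OPERATIONS[op]:
        argv += ["--size", _check_size(params.get("size_gb"))]
    # Pass argv to subprocess.run(argv, shell=False): no shell parses these values.
    return argv

def handle_request(params: dict) -> tuple:
    """Return (HTTP status, body); validation failures never reach the tool."""
    try:
        return 200, build_safe_argv(params)
    except ValueError as exc:
        return 400, str(exc)
```

In the weak form the separator in `SAMPLE_BAD` survives into the command string; in the hardened form the same request is rejected with status 400 before any process is started.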

2.2) CVE-2022-24551 – Availability to set a password for any system user in StarWind Products

There is a vulnerability in StarWind SAN and NAS version 0.2 and build 1633 that allows a password to be set for any system user. When setting a new password, the system does not check the current username and the old password. Therefore, any registered user can reset the password for another user of the system.
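The two checks this paragraph says are missing, as an added example that is not StarWind's code: a password change that is accepted only when the authenticated session user is the target account and the old password verifies. The `UserStore` class, its method names and the PBKDF2 round count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption; tune to the deployment's hardware


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class UserStore:
    """In-memory stand-in for the system's account database (hypothetical)."""

    def __init__(self):
        self._users = {}

    def add(self, username: str, password: str) -> None:
        self._users[username] = hash_password(password)

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            return False
        salt, expected = record
        _, actual = hash_password(password, salt)
        # Constant-time comparison of the derived digests.
        return hmac.compare_digest(actual, expected)

    def change_password(self, session_user, target_user, old_password, new_password) -> bool:
        # Check 1: the authenticated session may only change its own password.
        if session_user != target_user:
            return False
        # Check 2: the caller must prove knowledge of the current password.
        if not self.verify(target_user, old_password):
            return False
        self._users[target_user] = hash_password(new_password)
        return True
```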

More:

CVE-2022-24552:

2.1.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24552

2.1.2) https://nvd.nist.gov/vuln/detail/CVE-2022-24552

2.1.3) https://www.starwindsoftware.com/security/sw-20220203-0001/

CVE-2022-24551:

2.2.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24551

2.2.2) https://nvd.nist.gov/vuln/detail/CVE-2022-24551

2.2.3) https://www.starwindsoftware.com/security/sw-20220204-0001/

Apple Safari on iOS and iPadOS (WebKit)

A vulnerability has been found in the WebKit web page rendering engine that allows arbitrary code execution through specially crafted malicious web content in the mobile version of the Safari web browser and in other web browsers that use WebKit. The vulnerability belongs to the Use-After-Free class and is associated with incorrect use of dynamic memory. According to the open standard CVSS 3.1, the vulnerability score is 8.8 points, which indicates a high level of criticality of the problem found.

More:

3.1) https://support.apple.com/en-us/HT213093

3.2) https://www.kaspersky.ru/blog/webkit-vulnerability-cve-2022-22620/32366/

3.3) https://www.securitylab.ru/news/529779.php

3.4) https://www.securitylab.ru/vulnerability/529777.php

Operating systems of the Windows family and Windows Server

A Windows Kernel Elevation of Privilege vulnerability has been found in Microsoft’s Windows and Windows Server operating systems, which allows an attacker to elevate their privileges. According to the CVSS 3.1 standard, the discovered vulnerability has a high level of criticality (7.8 points).

More:

4.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21989

4.2) https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21989

Windows DNS Server

Some operating systems in the Windows family are affected by the Windows DNS Server Remote Code Execution Vulnerability. The discovered vulnerability is located in the function of the DNS Server component. According to information from Microsoft, the severity of the vulnerability according to the open standard CVSS 3.1 is 8.8 points, which indicates a high level of significance of the identified vulnerability.

More:

5.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21984

5.2) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984

5.3) https://vuldb.com/en/?id.192540

5.4) https://www.qualys.com/research/security-alerts/2022-02-08/microsoft/

Windows Hyper-V

A Windows Hyper-V Remote Code Execution vulnerability has been found in the Hyper-V component of Microsoft’s Windows operating systems. The vulnerability allows remote code execution on a vulnerable system. Microsoft has rated this vulnerability at 7.9 points (high severity) according to the CVSS 3.1 standard.

More:

6.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21995

6.2) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21995

Microsoft SharePoint Server

The Microsoft SharePoint Server Remote Code Execution vulnerability allows attackers to remotely execute arbitrary code on the following versions of vulnerable software:

* Microsoft SharePoint Server Subscription Edition

* Microsoft SharePoint Server 2019

* Microsoft SharePoint Enterprise Server 2013 Service Pack 1

* Microsoft SharePoint Enterprise Server 2016

In order to exploit the vulnerability, an attacker needs to be authenticated and have the rights to create pages in the listed software. The vulnerability is related to insecure data deserialization; an attacker could use this flaw to execute code in the context of a SharePoint web server process.

The vulnerability has a score of 8.8 according to CVSS 3.1, which indicates a high degree of criticality of the vulnerability.

More:

7.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22005

7.2) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005

7.3) https://www.zerodayinitiative.com/advisories/ZDI-22-352/

Windows Print Spooler

Microsoft operating systems are affected by three Windows Print Spooler Elevation of Privilege vulnerabilities: CVE-2022-22718, CVE-2022-21997 and CVE-2022-22717, which allow an attacker to locally elevate their privileges and bypass security restrictions through the Windows Print Spooler service. The severity ratings of the vulnerabilities according to the CVSS 3.1 standard are as follows:

8.1) CVE-2022-22718 – 7.8 points, high severity level

8.2) CVE-2022-21997 – 7.1 points, high severity level

8.3) CVE-2022-22717 – 7.0 points, high severity level

It is also worth noting that there is a public exploit for CVE-2022-22718 on GitHub by researcher J0hnbX. The researcher’s repository is linked below.

More:

CVE-2022-22718:

8.1.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22718

8.1.2) https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22718

8.1.3) https://vuldb.com/en/?id.192567

8.1.4) https://github.com/J0hnbX/2022-22718

CVE-2022-21997:

8.2.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21997

8.2.2) https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21997

8.2.3) https://www.securitylab.ru/vulnerability/529638.php

CVE-2022-22717:

8.3.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22717

8.3.2) https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22717

8.3.3) https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0003/MNDT-2022-0003.md

Google Chrome

A Use-After-Free vulnerability has been found in the Google Chrome web browser in the Animation component, which allows arbitrary code to be executed on the target system. An attacker needs to prepare a specially crafted web page and trick the victim into visiting it in order to exploit the Use-After-Free class bug.

The severity score of the vulnerability was 8.8 points, which is a high level of criticality according to the CVSS 3.1 standard.

More:

9.1) https://www.securitylab.ru/vulnerability/529862.php

9.2) https://www.cybersecurity-help.cz/vdb/SB2022021430

9.3) https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2022-0609/

SQL Server for Linux Containers

SQL Server for Linux Containers Elevation of Privilege Vulnerability is a privilege escalation vulnerability in Microsoft SQL Server for Linux Containers that is present only in the container version of SQL Server 2019 for Linux.

The found vulnerability has a high (7.8 points) degree of criticality according to the open standard CVSS 3.1.

More:

10.1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23276

10.2) https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23276

10.3) https://www.qualys.com/research/security-alerts/2022-02-08/microsoft/

10.4) https://www.securitylab.ru/vulnerability/529658.php
