7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
(CVE-2021-33656)
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel (CVE-2021-39686)
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. (CVE-2022-1195)
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. (CVE-2022-1678)
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
(CVE-2022-1789)
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel (CVE-2022-20009)
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-182388481References: Upstream kernel (CVE-2022-20166)
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (‘Double-Hash Port Selection Algorithm’) of RFC 6056.
(CVE-2022-32296)
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests’ memory pages. (CVE-2022-33744)
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
(CVE-2022-33981)
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(169330);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2021-33061",
"CVE-2021-33656",
"CVE-2021-39686",
"CVE-2022-1012",
"CVE-2022-1195",
"CVE-2022-1652",
"CVE-2022-1678",
"CVE-2022-1729",
"CVE-2022-1734",
"CVE-2022-1789",
"CVE-2022-1836",
"CVE-2022-1975",
"CVE-2022-2153",
"CVE-2022-2318",
"CVE-2022-20009",
"CVE-2022-20132",
"CVE-2022-20141",
"CVE-2022-20154",
"CVE-2022-20166",
"CVE-2022-26365",
"CVE-2022-29581",
"CVE-2022-30594",
"CVE-2022-32250",
"CVE-2022-32296",
"CVE-2022-32981",
"CVE-2022-33740",
"CVE-2022-33741",
"CVE-2022-33742",
"CVE-2022-33744",
"CVE-2022-33981",
"CVE-2022-34918"
);
script_name(english:"EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2891)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :
- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
(CVE-2021-33656)
- In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to
a race condition. This could lead to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
ID: A-200688826References: Upstream kernel (CVE-2021-39686)
- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the
small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of
service problem. (CVE-2022-1012)
- A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a
local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device
is detached and reclaim resources early. (CVE-2022-1195)
- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
system. (CVE-2022-1652)
- An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP
pacing can lead to memory/netns leak, which can be used by remote clients. (CVE-2022-1678)
- A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged
user to gain root privileges. The bug allows to build several exploit primitives such as kernel address
information leak, arbitrary execution, etc. (CVE-2022-1729)
- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use
after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
- With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID
is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
(CVE-2022-1789)
- There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by
simulating a nfc device from user-space. (CVE-2022-1975)
- In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing
bounds check. This could lead to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
ID: A-213172319References: Upstream kernel (CVE-2022-20009)
- In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds
read due to improper input validation. This could lead to local information disclosure if a malicious USB
HID device were plugged in, with no additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream
kernel (CVE-2022-20132)
- In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead
to local escalation of privilege when opening and closing inet sockets with no additional execution
privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
- In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead
to local escalation of privilege with System execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream
kernel (CVE-2022-20154)
- In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer
overflow. This could lead to local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-182388481References: Upstream kernel (CVE-2022-20166)
- A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it
possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This
flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel
oops condition that results in a denial of service. (CVE-2022-2153)
- There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that
allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)
- Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text
explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device
frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to
unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend
(CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
- Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to
cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14
and later versions. (CVE-2022-29581)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers
to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
- net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create
user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to
a use-after-free. (CVE-2022-32250)
- The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are
used. This occurs because of use of Algorithm 4 ('Double-Hash Port Selection Algorithm') of RFC 6056.
(CVE-2022-32296)
- An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer
overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point
registers. (CVE-2022-32981)
- Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree
to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the
related lock held, resulting in a small race window, which can be used by unprivileged guests via PV
devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)
of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory
pages. (CVE-2022-33744)
- drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of
a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
(CVE-2022-33981)
- An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init
(leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different
vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an
unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data
in net/netfilter/nf_tables_api.c. (CVE-2022-34918)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2891
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a8ef6812");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34918");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1012");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/09");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.1");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"kernel-4.19.90-vhulk2206.1.0.h1194.eulerosv2r10",
"kernel-abi-stablelists-4.19.90-vhulk2206.1.0.h1194.eulerosv2r10",
"kernel-tools-4.19.90-vhulk2206.1.0.h1194.eulerosv2r10",
"kernel-tools-libs-4.19.90-vhulk2206.1.0.h1194.eulerosv2r10",
"python3-perf-4.19.90-vhulk2206.1.0.h1194.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
huawei | euleros | kernel-abi-stablelists | p-cpe:/a:huawei:euleros:kernel-abi-stablelists |
huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
huawei | euleros | python3-perf | p-cpe:/a:huawei:euleros:python3-perf |
huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:2.10.1 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
www.nessus.org/u?a8ef6812
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%