logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
    Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities
    Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker
    Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
    Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities
    Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker
    Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – CVE-2022-41103 – Microsoft Word Vulnerability
November 10, 2022
Rewterz
Rewterz Threat Advisory – Intel Quartus Prime Pro and Intel Quartus Prime Standard Vulnerabilities
November 11, 2022

Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities

November 11, 2022

Severity

Medium

Analysis Summary

CVE-2022-26047 CVSS:4.3
Intel devices are vulnerable to a denial of service, caused by improper input validation. A remote attacker within the local network could exploit this vulnerability to cause a denial of service.

CVE-2022-26086 CVSS:6.7
Intel PresentMon could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path element. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-30297 CVSS:3.8
Intel Endpoint Management Assistant could allow a local authenticated attacker to gain elevated privileges on the system, caused by cross-site scripting. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-33973 CVSS:3.3
Intel WLAN Authentication and Privacy Infrastructure Security software for Windows 10/11 could allow a local authenticated attacker to obtain sensitive information, caused by improper access control. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

CVE-2022-36367 CVSS:4.4
Intel Support Android application could allow a local authenticated attacker to obtain sensitive information, caused by incorrect default permissions. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

CVE-2022-30691 CVSS:5.9
Intel Support Android application is vulnerable to a denial of service, caused by uncontrolled resource consumption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-26341 CVSS:8.2
Intel Active Management Technology (AMT) SDK, Endpoint Management Assistant (EMA), and Manageability Commander could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficiently protected credentials. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-26028 CVSS:6.7
Intel VTune Profiler software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-21198 CVSS:7.9
Intel processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition in the BIOS firmware. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2021-33064 CVSS:6.7
Intel System Studio could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path in the software installer. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2021-26251 CVSS:5.3
Intel Distribution of OpenVINO Toolkit is vulnerable to a denial of service, caused by improper input validation. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-30548 CVSS:6.7
Intel Glorp could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path element. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-27499 CVSS:2.5
Intel SGX SDK could allow a local authenticated attacker to obtain sensitive information, caused by the premature release of resource during expected lifetime. An attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-26006 CVSS:8.2
Intel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the BIOS firmware. An attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

  • Denial of Service
  • Privilege Escalation
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-26047
  • CVE-2022-26086
  • CVE-2022-30297
  • CVE-2022-33973
  • CVE-2022-36367
  • CVE-2022-30691
  • CVE-2022-26341
  • CVE-2022-26028
  • CVE-2022-21198
  • CVE-2021-33064
  • CVE-2021-26251
  • CVE-2022-30548
  • CVE-2022-27499
  • CVE-2022-26006

Affected Vendors

Intel

Affected Products

  • Intel PresentMon 1.6.9
  • Intel PresentMon 1.7.0
  • Intel Endpoint Management Assistant 1.7.8
  • Intel Endpoint Management Assistant 1.7.9
  • Intel WLAN Authentication and Privacy Infrastructure Security software for Windows 10/11 22.2149.0.0
  • Intel WLAN Authentication and Privacy Infrastructure Security software for Windows 10/11 22.2150.0.0
  • Intel Support Android application 21.7.39
  • Intel Support Android application 22.02.27
  • Intel Active Management Technology 16.0.4.0
  • Intel Endpoint Management Assistant 1.7.0
  • Intel Manageability Commander 2.3.1
  • Intel VTune Profiler 2022
  • Intel VTune Profiler 2022.1
  • Intel 10th Generation Intel Core Processor Family
  • Intel 12th Gen Intel Core processor
  • Intel Xeon E processor family
  • Intel System Studio
  • Intel Distribution of OpenVINO Toolkit 2021.4.0
  • Intel Distribution of OpenVINO Toolkit 2021.4.1
  • Intel Glorp 1.0.0
  • Intel Xeon E Processor

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information. 
CVE-2022-26047
CVE-2022-26086
CVE-2022-30297
CVE-2022-33973
CVE-2022-36367
CVE-2022-30691

CVE-2022-26341
CVE-2022-26028
CVE-2022-21198
CVE-2021-33064
CVE-2021-26251
CVE-2022-30548
CVE-2022-27499
CVE-2022-26006

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo