Day: January 12, 2023

SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow

by

EIP-6a6472ab

A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’ endpoint. A remote, authenticated attacker can send crafted HTTP POST requests to execute code on vulnerable targets as the ‘nobody’ user.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-6a6472ab
  • MITRE: CVE-2022-2915

Vulnerability Metrics

  • CVSSv2 Score: 6.0

Vendor References

Discovery Credit

  • Sergi Martinez (Exodus Intelligence)

Disclosure Timeline

  • Disclosed to affected vendor: April 21st, 2022
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

Schneider Electric SoMachine HVAC ActiveX Control Information Disclosure Vulnerability

by

EIP-50a1e402

An information disclosure vulnerability exists in Schneider Electric SoMachine HVAC due to a method in the ‘AxEditGrid3.ocx’ ActiveX control leaking a heap address of an ActiveX object. An attacker can entice a user to open a specially crafted web page to leak Internet Explorer process memory information.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-50a1e402
  • MITRE: CVE-2022-2988

Vulnerability Metrics

  • CVSSv2 Score: 5.0

Vendor References

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to affected vendor: December 10th, 2021
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

Intelligence

Support

Company

Copyright 2021 Exodus Intelligence