CVE-2022-29972

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

Published: May 4, 2022

CVSS 7.8 (High) | EPSS 0.05%

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-29972.

May 9, 2022 at 4:04 PM / msrc.microsoft.com
Threat Intelligence Report

The CVE-2022-29972 vulnerability in the Magnitude Simba Redshift ODBC connector poses a critical risk as it allows for remote code execution through shell injection. This vulnerability has not been reported as being exploited in the wild yet, but proof-of-concept exploits may exist. It is recommended to apply any available patches or mitigations to prevent potential attacks and to assess any downstream impacts on third-party vendors using this connector.

Jun 15, 2022 at 12:33 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.4%)

Sep 25, 2023 at 4:12 AM

Affected Systems

Insightsoftware/magnitude_simba_amazon_redshift_odbc_driver

Patches

Microsoft

Attack Patterns

CAPEC-137: Parameter Injection

Vendor Advisory

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
The vulnerability in the Redshift driver referenced in the CVE impacts Microsoft services listed in the affected software table. The environmental score as it relates to affected Microsoft services can be different than the score assigned by the owner of the CVE.

References

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
To remediate the vulnerability, update to the fixed version indicated in the response matrix below. Product Vulnerable Version CVE Identifier Fixed Version Workaround Magnitude Simba
Ankura CTIX FLASH Update – June 14, 2022 – Security | #linux | #linuxsecurity
New Linux Malware Symbiote Targets Financial Sector in researchers targeting Linux systems of financial organizations
Ankura CTIX FLASH Update - June 14, 2022 - Marketscreener.com
Chinese nation state threat actors have been deploying a new remote access trojan (RAT) on compromised target networks over the past year. The malware also cloaks its network traffic by utilizing the system's extended Berkeley Packet Filter (eBPF) feature by "injecting itself into an inspection software's process and using BPF to filter out results that would uncover its activity." Once this injection is complete, Symbiote enables its rootkit functionality to further hide its existence in the compromised system and create a backdoor for persistence as well as privileged command execution by the operators.

News

Hack The Box is now available on the General Services Administration via SIXGEN
Hack The Box is pleased to announce SIXGEN, a provider of world-class cybersecurity services designed to protect government organizations and commercial industries, is now an authorized HTB reseller and exclusive provider of HTB through the U.S. General Services Administration (GSA). Professional Labs - Multi-machine labs and corporate-level network simulations for teams to experience real-world penetration testing and cybersecurity problems
Microsoft's May Patch Tuesday includes 38 bulletins and three critical zero-day fixes. New
This security update replaces the following previously released updates: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 … As for Samsung’s efforts towards improving security, the May 2022 security patch addresses a moderate improper access control vulnerability in the Weather app, affecting Galaxy devices running Android 10, Android 11, and Android 12. Microsoft has released May 2021 Patch Tuesday security updates with a total of 55 vulnerabilities in the family of Windows and Mac operating systems and related products.
A Snapshot of 2023 CWE Top 25 Most Dangerous Software Weaknesses
The top three most dangerous software weaknesses remain the same, with CWE-787 (Out-of-bounds Write), CWE-79 (Improper Neutralization of Input During Web Page Generation, also known as ‘Cross-site Scripting’), and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, or ‘SQL Injection’) retaining their positions. The level of danger presented by a particular CWE is then determined by multiplying the severity score by the frequency score, ensuring that the list accurately reflects the most dangerous software weaknesses based on their prevalence and the severity of the vulnerabilities they cause when exploited.
99 of the most popular cybersecurity vulnerabilities & exploits (CVEs) of 2022
CVE-2022-26925: An Identification and Authentication Failure vulnerability that allows unauthenticated attackers to remotely exploit and force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol. Of the highest searched CVEs reported in 2022, Injection, Memory Management, and Insecure Design were the top three vulnerability types.
CERT-EU - Publications - Security Advisories
On December 12, 2022, Fortinet released an advisory concerning a heap-based buffer overflow critical vulnerability in FortiOS SSL-VPN that could allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. On December 2, 2022, Google released a new version of its Chrome browser fixing a high-severity flaw, identified by "CVE-2022-4262" that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
