Spencer Mcintyre

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to insufficient access control in the administration platform of VMware Workspace ONE Access, VMware Identity Manager, and VMware vRealize Automation. A malicious actor with local access can exploit this to escalate privileges to 'root'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified) **Description** The issue is related to a privilege escalation vulnerability in the administration platform of VMware Workspace One Access, VMware Identity Manager console, and VMware vRealize Automation virtual infrastructure management tool. This vulnerability is due to insufficient access control. A malicious actor with local access can exploit this issue to escalate privileges to 'root'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the April, 2022 patch set **Description** The issue is related to a null pointer dereference in the implementation of the Windows SMBv3 protocol. By sending a malformed `FileNormalizedNameInformation` SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel, leading to a denial-of-service. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. **Recommendations** As a temporary workaround, consider restricting access to named pipes to minimize the risk of exploitation. Apply the April, 2022 patch set to resolve the issue. For Windows Domain Controllers, ensure that only authorized users can establish SMB sessions.

**Name of the Vulnerable Software and Affected Versions** Razer Synapse version 2.20.15.1104 **Description** The issue is related to a specially crafted IOCTL that can be issued to the rzpnk.sys driver, allowing a handle to be opened to an arbitrary process through ZwOpenProcess. This is due to insufficient access control to the ZwOpenProcess procedure. Exploitation of this issue may allow a remote attacker to open a descriptor for any process. **Recommendations** For Razer Synapse version 2.20.15.1104, consider restricting access to the rzpnk.sys driver as a temporary workaround until a patch is available. Additionally, avoid using the ZwOpenProcess procedure in the affected driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AlienVault Unified Security Management versions prior to 4.15 **Description** The issue allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file. This can be achieved by manipulating the plugin configuration file (.cfg) in the Framework Daemon. **Recommendations** For versions prior to 4.15, update to version 4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Lianja SQL Server versions prior to 1.0.0RC5.2 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to potentially cause a denial of service or execute arbitrary code by sending a crafted string to the TCP port 8001. **Recommendations** For versions prior to 1.0.0RC5.2, update to version 1.0.0RC5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 8001 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firebird versions 2.1.3 through 2.1.5 Firebird versions 2.5.1 through 2.5.3 **Description** The issue is caused by a stack-based buffer overflow in the Firebird database management system. This can be exploited by a remote attacker who sends a specially crafted TCP packet to port 3050, potentially allowing the execution of arbitrary code. The vulnerability is related to a missing size check during the extraction of a group number from CNCT information. **Recommendations** For Firebird versions 2.1.3 through 2.1.5, update to a version after 18514 to resolve the issue. For Firebird versions 2.5.1 through 2.5.3, update to a version after 26623 to resolve the issue. As a temporary workaround, consider restricting access to TCP port 3050 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LifeSize Room appliance version 3.5.3 **Description** The issue allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the `LSRoom Remoting.authenticate` function in the "gateway.php" endpoint. **Recommendations** For version 3.5.3, consider restricting access to the `gateway.php` endpoint until a patch is available. As a temporary workaround, disabling the `LSRoom Remoting.authenticate` function may help mitigate the risk of exploitation.