CVE-2022-47986

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2022-47986 is a critical software vulnerability, specifically a deserialization flaw, found in IBM's Aspera Faspex file-sharing application. This vulnerability has been exploited by threat actors to deploy ransomware, significantly compromising the security of systems using this software. The vulnerability was given a high severity rating with a Common Vulnerability Scoring System (CVSS) score of 9.8, indicating its potential for causing substantial harm. The exploitation of CVE-2022-47986 was first reported in February and has since been observed being used in several cyberattacks. For instance, the IceFire and Cl0p ransomware attacks took advantage of this vulnerability, targeting not only generic Linux system directories but also paths related to Oracle databases. The operators swiftly exploited other severe bugs, including those impacting PaperCut, demonstrating their agility in leveraging vulnerabilities for malicious purposes. In light of these events, it is crucial for organizations using IBM's Aspera Faspex application to apply patches or mitigations provided by IBM to address CVE-2022-47986. The rapid exploitation of this vulnerability underscores the need for timely patch management and proactive cybersecurity measures to protect against such threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Linux
Ransomware
bugs
Exploits
Papercut
Microsoft
Esxi
Ibm
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
IceFireUnspecified
3
IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi
ClopUnspecified
1
Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
BuhtiUnspecified
1
Buhti is a malicious software, or malware, that was first highlighted by Palo Alto Networks Unit 42 in February 2023. It is a Golang ransomware targeting Linux systems. The Buhti ransomware operation was further detailed by Symantec’s Threat Hunter Team in May of the same year. Its payload included
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Mint SandstormUnspecified
1
Mint Sandstorm, an Iranian nation-state threat actor also known as APT35 and Charming Kitten, has been identified by Microsoft as a significant cybersecurity concern. The group is linked to Iran's Islamic Revolutionary Guard Corps and is known for its sophisticated cyber campaigns targeting high-val
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2023-27350Unspecified
1
CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter
Source Document References
Information about the CVE-2022-47986 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Checkpoint
8 months ago
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
CERT-EU
10 months ago
Admins urged to quickly patch holes in WS_FTP file transfer server | IT World Canada News
CERT-EU
a year ago
Blacktail: Unveiling the tactics of a notorious cybercrime group - Cybersecurity Insiders
CERT-EU
a year ago
Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
a year ago
Buhti: New Ransomware Operation Relies on Repurposed Payloads
CERT-EU
a year ago
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
Canadian Centre for Cyber Security
a year ago
IBM security advisory (AV23-103) - Canadian Centre for Cyber Security
CERT-EU
a year ago
Links 22/02/2023: KDE Plasma 5.27.1 and New Fears Over Nukes
CERT-EU
a year ago
Warnung vor Angriffen auf IBM Aspera Faspex und Mitel MiVoice
DARKReading
a year ago
IceFire Ransomware Portends a Broader Shift From Windows to Linux
Securityaffairs
a year ago
Recently discovered IceFire Ransomware now also targets Linux systems
CSO Online
a year ago
New variant of the IceFire ransomware targets Linux enterprise systems
CERT-EU
a year ago
IceFire Ransomware Attacks Both Windows and Linux Enterprise Networks
CERT-EU
a year ago
IceFire ransomware targets Linux, exploits IBM vulnerability | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
DARKReading
a year ago
Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug
CERT-EU
a year ago
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
CERT-EU
a year ago
Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure
CERT-EU
a year ago
Iranian Hackers Target U.S. Energy and Transit Systems
CERT-EU
a year ago
Cyber security week in review: April 21, 2023
CERT-EU
a year ago
APT 'Mint Sandstorm' quickly exploits new PoC hacks