CVE-2022-47986

Vulnerability updated 7 months ago (2024-05-04T19:28:36.728Z)

Download STIX

Preview STIX

CVE-2022-47986 is a critical software vulnerability, specifically a deserialization flaw, found in IBM's Aspera Faspex file-sharing application. This vulnerability has been exploited by threat actors to deploy ransomware, significantly compromising the security of systems using this software. The vulnerability was given a high severity rating with a Common Vulnerability Scoring System (CVSS) score of 9.8, indicating its potential for causing substantial harm. The exploitation of CVE-2022-47986 was first reported in February and has since been observed being used in several cyberattacks. For instance, the IceFire and Cl0p ransomware attacks took advantage of this vulnerability, targeting not only generic Linux system directories but also paths related to Oracle databases. The operators swiftly exploited other severe bugs, including those impacting PaperCut, demonstrating their agility in leveraging vulnerabilities for malicious purposes. In light of these events, it is crucial for organizations using IBM's Aspera Faspex application to apply patches or mitigations provided by IBM to address CVE-2022-47986. The rapid exploitation of this vulnerability underscores the need for timely patch management and proactive cybersecurity measures to protect against such threats.

Description last updated: 2024-05-04T17:26:08.572Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Ransomware

Linux

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The IceFire Malware is associated with CVE-2022-47986. IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi	Unspecified	3

Source Document References

Information about the CVE-2022-47986 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	a year ago	The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
CERT-EU	a year ago	Admins urged to quickly patch holes in WS_FTP file transfer server \| IT World Canada News
CERT-EU	a year ago	Blacktail: Unveiling the tactics of a notorious cybercrime group - Cybersecurity Insiders
CERT-EU	a year ago	Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	Buhti: New Ransomware Operation Relies on Repurposed Payloads
CERT-EU	a year ago	Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
Canadian Centre for Cyber Security	2 years ago	IBM security advisory (AV23-103) - Canadian Centre for Cyber Security
CERT-EU	2 years ago	Links 22/02/2023: KDE Plasma 5.27.1 and New Fears Over Nukes
CERT-EU	2 years ago	Warnung vor Angriffen auf IBM Aspera Faspex und Mitel MiVoice
DARKReading	2 years ago	IceFire Ransomware Portends a Broader Shift From Windows to Linux
Securityaffairs	2 years ago	Recently discovered IceFire Ransomware now also targets Linux systems
CSO Online	2 years ago	New variant of the IceFire ransomware targets Linux enterprise systems
CERT-EU	2 years ago	IceFire Ransomware Attacks Both Windows and Linux Enterprise Networks
CERT-EU	2 years ago	IceFire ransomware targets Linux, exploits IBM vulnerability \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
DARKReading	2 years ago	Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug
CERT-EU	2 years ago	Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
CERT-EU	2 years ago	Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure
CERT-EU	2 years ago	Iranian Hackers Target U.S. Energy and Transit Systems
CERT-EU	2 years ago	Cyber security week in review: April 21, 2023
CERT-EU	2 years ago	APT 'Mint Sandstorm' quickly exploits new PoC hacks