Information Disclosure Vulnerabilities CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166

Summary
This article details vulnerability information for Forcepoint products affected by CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166.
Information

Published Date:  January 26, 2023

Last Update:  May 28, 2024
KBA Status:  Final Update
KBA Severity:  High
CVE Number(s): CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
 

KBA Summary

CVE-2022-21123 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-21123

CVE-2022-21125 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-21125 

CVE-2022-21166 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-21166


  Affected Products

  • Data Loss Prevention (DLP)
    • DLP Protector
  • Next Generation Firewall (NGFW)
    • NGFW Security Management Center (SMC) - Versions 6.10.0, 6.11.1
  • Forcepoint Appliances
    • Email Security Appliances and Virtual Appliances (OVA)
    • Web Security Appliances and Virtual Appliances (OVA)

Resolution

Hotfix and other Fix Information

  • Data Loss Prevention (DLP) - Fixed in version v10.0
  • NGFW SMC - Fixed in v6.10.9
  • V-Series and Virtual Appliances (OVA) - Fixed in 8.5.5 Appliance Hotfix 001 APP-8.5.5-001 and v8.5.6