CVE-2021-3437
published 2022-12-12CVE-2021-3437: Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP…
PriorityP359critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
15.55%
96.4th percentile
Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-1ubuntu0.3 | 7.5.0+dfsg-1ubuntu0.3 |
| heimdal_project | heimdal | >= 0 < 7.7.0+dfsg-1ubuntu1.3 | 7.7.0+dfsg-1ubuntu1.3 |
| heimdal_project | heimdal | >= 0 < 1.6~git20131207+dfsg-1ubuntu1.2+esm3 | 1.6~git20131207+dfsg-1ubuntu1.2+esm3 |
| heimdal_project | heimdal | >= 0 < 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 | 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 |
| hp | omen_gaming_hub | < 11.6.3.0 | 11.6.3.0 |
| hp | omen_gaming_hub_sdk | < 1.0.44 | 1.0.44 |
| hp_inc | omen_gaming_hub_sdk | — | — |
| samba | samba | >= 0 < 2:4.13.17~dfsg-0ubuntu1.20.04.4 | 2:4.13.17~dfsg-0ubuntu1.20.04.4 |
| samba | samba | >= 0 < 2:4.13.17~dfsg-0ubuntu1.20.04.5 | 2:4.13.17~dfsg-0ubuntu1.20.04.5 |
| samba | samba | >= 0 < 2:4.15.13+dfsg-0ubuntu1 | 2:4.15.13+dfsg-0ubuntu1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
samba regression
osv·2023-01-26·CVSS 5.9
samba regression
samba regression
USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS
introduced regressions in certain environments. Pending investigation of
these regressions, this update temporarily reverts the security fixes.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Samba incorrectly handled the bad password count
logic. A remote attacker could possibly use this issue to bypass bad
passwords lockouts. This issue was only addressed in Ubuntu 22.10.
(CVE-2021-20251)
Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)
Tom Tervoort discovered that Samba incorrec
OSV
samba vulnerabilities
osv·2023-01-24·CVSS 5.9
CVE-2021-20251 samba vulnerabilities
samba vulnerabilities
It was discovered that Samba incorrectly handled the bad password count
logic. A remote attacker could possibly use this issue to bypass bad
passwords lockouts. This issue was only addressed in Ubuntu 22.10.
(CVE-2021-20251)
Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)
Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos
keys. A remote attacker could possibly use this issue to elevate
privileges. (CVE-2022-37966, CVE-2022-37967)
It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure
Channel. A remote attacker could possibly use this issue to e
OSV
heimdal vulnerabilities
osv·2023-01-12·CVSS 7.5
CVE-2021-44758 heimdal vulnerabilities
heimdal vulnerabilities
It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2021-44758)
Evgeny Legerov discovered that Heimdal incorrectly handled memory when
performing certain DES decryption operations. A remote attacker could use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2022-3437)
Greg Hudson discovered that Kerberos PAC implementation used in Heimdal
incorrectly handled certain parsing operations. A remote attacker could use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2022-42898)
It was discovered that Heimdal's KDC did not properly handle certain error
conditions. A remote attacker could use this iss
GHSA
GHSA-g82h-g9mh-6vhp: Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of ser
ghsa_unreviewed·2022-12-12
CVE-2021-3437 [CRITICAL] CWE-276 GHSA-g82h-g9mh-6vhp: Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of ser
Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.
No detection rules found.
No public exploits indexed.
Checkpoint
20th September – Threat Intelligence Report
blogs_checkpoint·2021-09-19·CVSS 7.8
CVE-2021-40444 [HIGH] 20th September – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 20th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th September, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research has seen a global surge in the black market for fake COVID-19 vaccine certificates on Telegram, following US President Biden’s vaccine mandate announcements. The black market has expanded to serve 28 countries, including Austria, UAE, Brazil, UK, Singapore and more. The price for fake vaccine cert
Sentinelone
CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
blogs_sentinelone·2021-09-14·CVSS 9.8
CVE-2021-3437 [CRITICAL] CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
## CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
## Executive Summary
SentinelLabs has discovered a high severity flaw in an HP OMEN driver affecting millions of devices worldwide.
Attackers could exploit these vulnerabilities to locally escalate to kernel-mode privileges. With this level of access, attackers can disable security products, overwrite system components, corrupt the OS, or perform any malicious operations unimpeded.
SentinelLabs’ findings were proactively reported to HP on Feb 17, 2021 and the vulnerability is tracked as CVE-2021-3437, marked with CVSS Score 7.8.
HP has released a security update to its customers to address these vulnerabilities.
At this time, SentinelOne has not discovered evidence of in-the-wild abuse.
##
Sentinelone
CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
blogs_sentinelone·2021-09-14·CVSS 9.8
[CRITICAL] CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
## Executive Summary
- SentinelLabs has discovered a high severity flaw in an HP OMEN driver affecting millions of devices worldwide.
- Attackers could exploit these vulnerabilities to locally escalate to kernel-mode privileges. With this level of access, attackers can disable security products, overwrite system components, corrupt the OS, or perform any malicious operations unimpeded.
- SentinelLabs’ findings were proactively reported to HP on Feb 17, 2021 and the vulnerability is tracked as CVE-2021-3437, marked with CVSS Score 7.8.
- HP has released a security update to its customers to address these vulnerabilities.
- At this time, SentinelOne has not discovered evidence of in-the-wild abuse.
## Introduction
HP OMEN Gaming Hub, previously known as HP OMEN Command Center, is a softwa
2022-12-12
Published