CVE-2022-36934
published 2022-09-22CVE-2022-36934: An integer overflow in WhatsApp could result in remote code execution in an established video call.
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.93%
77.5th percentile
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meta | whatsapp_business_for_android | >= unspecified < 2.22.16.12 | 2.22.16.12 |
| meta | whatsapp_business_for_ios | >= unspecified < 2.22.16.12 | 2.22.16.12 |
| meta | whatsapp_for_android | >= unspecified < 2.22.16.12 | 2.22.16.12 |
| meta | whatsapp_for_ios | >= unspecified < 2.22.16.12 | 2.22.16.12 |
| < 2.22.16.12 | 2.22.16.12 | ||
| whatsapp_business | < 2.22.16.12 | 2.22.16.12 |
Detection & IOCsextracted from sources · hover to see the quote
- →Flag WhatsApp for Android versions prior to v2.22.16.12 as vulnerable to CVE-2022-36934 ↗
- →Flag WhatsApp Business for Android versions prior to v2.22.16.12 as vulnerable to CVE-2022-36934 ↗
- →Flag WhatsApp for iOS versions prior to v2.22.16.12 as vulnerable to CVE-2022-36934 ↗
- →Flag WhatsApp Business for iOS versions prior to v2.22.16.12 as vulnerable to CVE-2022-36934 ↗
- →Use Qualys QQL query to identify unpatched WhatsApp assets in mobile device inventory ↗
- →Use Qualys QID 630827 to detect CVE-2022-36934 and CVE-2022-27492 on enrolled mobile assets ↗
- ·CVE-2022-36934 is exploitable only during an established video call (not passive/unauthenticated); exploitation requires an active video call session with the victim ↗
- ·Qualys QID 630827 detection is available in signature version SEM VULNSIGS-1.0.0.69 and is not tied to a specific Cloud Agent version ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h9c4-pjqq-xffc: An integer overflow in WhatsApp could result in remote code execution in an established video call
ghsa_unreviewed·2022-09-23
CVE-2022-36934 [CRITICAL] CWE-122 GHSA-h9c4-pjqq-xffc: An integer overflow in WhatsApp could result in remote code execution in an established video call
An integer overflow in WhatsApp could result in remote code execution in an established video call.
CISA
Microsoft Windows SAM Local Privilege Escalation Vulnerability
cisa·2022-02-10·CVSS 7.8
CVE-2021-36934 [HIGH] CWE-1220 Microsoft Windows SAM Local Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows SAM Local Privilege Escalation Vulnerability
Affected: Microsoft Windows
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-36934
Remediation Due Date: 2022-02-24
No detection rules found.
Nuclei
MOVEit Transfer - SQL Injection
nuclei·CVSS 9.1
CVE-2023-36934 [CRITICAL] MOVEit Transfer - SQL Injection
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Template:
id: CVE-2023-36934
info:
name: MOVEit Transfer - SQL Injection
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (1
Qualys
Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile
blogs_qualys·2022-10-03·CVSS 7.8
CVE-2022-36934 [HIGH] Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile
## Table of Contents
WhatsApp Remote Code Execution (RCE) Vulnerabilities
Identification of Assets with WhatsApp Vulnerabilities using Qualys VMDR Mobile
Discover WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
Patch and Remediate WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
Get Started Now with Qualys VMDR Mobile
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. Exploiting these vulnerabilities would be the first step of an attacker installing any malware on the device. In 2019 for example, the Israeli spyware maker NSO Group exploited an audio calling flaw to inject the Pegasus spyware.
## WhatsApp Remote Code Execution (RCE) Vul
Qualys
Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys
blogs_qualys·2022-10-03·CVSS 7.8
CVE-2022-36934 [HIGH] Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys
#### Table of Contents
- WhatsApp Remote Code Execution (RCE) Vulnerabilities
- Identification of Assets with WhatsApp Vulnerabilities using Qualys VMDR Mobile
- Discover WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
- Patch and Remediate WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
- Get Started Now with Qualys VMDR Mobile
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. Exploiting these vulnerabilities would be the first step of an attacker installing any malware on the device. In 2019 for example, the Israeli spyware maker NSO Group exploited an audio calling flaw to inject the Pegasus spyware.
## WhatsApp Remote Code Execution (
2022-09-22
Published