CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure Vulnerability


</p> <p><strong>Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers.</strong></p> <h2>Background</h2> <p>On March 29, VMware <a href="https://www.vmware.com/security/advisories/VMSA-2022-0009.html"><u>published an advisory</u></a> (VMSA-2022-0009) for a moderate severity vulnerability in VMware vCenter Server, its centralized management software for VMware vSphere cloud computing virtualization systems.</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>CVSSv3</strong></th> <th><strong>VPR*</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2022-22948"><u>CVE-2022-22948</u></a></td> <td>VMware vCenter Server Information Disclosure Vulnerability</td> <td>5.5</td> <td>6.9</td> </tr> </tbody> </table> </div> <p><i>*Please note: Tenable’s</i> <a href="https://www.tenable.com/blog/what-is-vpr-and-how-is-it-different-from-cvss"><i><u>Vulnerability Priority Rating</u></i></a> <i>(VPR) scores are calculated nightly. This blog post was published on March 30 and reflects VPR at that time.</i></p> <p>The vulnerability is credited to <a href="https://twitter.com/Ul7raVi0l3t"><u>Yuval Lazar</u></a>, a security researcher at Pentera. Lazar was also credited with discovering and disclosing <a href="https://www.tenable.com/cve/CVE-2021-22015"><u>CVE-2021-22015</u></a>, a local privilege escalation vulnerability in vCenter Server.</p> <h2>Analysis</h2> <p><a href="https://www.tenable.com/cve/CVE-2022-22948"><u>CVE-2022-22948</u></a> is a local information disclosure vulnerability in vCenter Server. An authenticated, local attacker with non-administrative (low-privileged user) access to the vulnerable vCenter Server instance could exploit this vulnerability to obtain sensitive information from the server, such as credentials for a high-privileged user.</p> <p>For complete analysis of this vulnerability, please refer to <a href="https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/"><u>Lazar’s blog</u></a>.</p> <p>This isn’t the first information disclosure bug in vCenter Server to warrant attention. In 2020, VMware addressed <a href="https://tenable.com/cve/CVE-2020-3952"><u>CVE-2020-3952</u></a>, an <a href="https://www.tenable.com/blog/cve-2020-3952-sensitive-information-disclosure-in-vmware-vcenter-server-vmsa-2020-0006"><u>information disclosure vulnerability in vCenter Server</u></a> that was assigned the maximum CVSSv3 score of 10.0.</p> <p><strong>Chaining exploits to achieve full server takeover</strong></p> <p>By itself, CVE-2022-22948 is a moderately severe vulnerability. However, Lazar’s research found that by chaining this vulnerability with previously disclosed VMware vCenter vulnerabilities, including <a href="https://www.tenable.com/cve/CVE-2021-21972"><u>CVE-2021-21972</u></a>, an unauthorized file upload vulnerability and <a href="https://www.tenable.com/cve/CVE-2021-22015"><u>CVE-2021-22015</u></a>, a local privilege escalation vulnerability that Lazar also discovered, an attacker could potentially take full control of an organization’s ESXi servers.</p> </p> <p><i>Image Source:</i> <a href="https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/"><i><u>Pentera</u></i></a></p> <p><strong>VMware vCenter Flaws popular amongst attackers in 2021</strong></p> <p>Earlier this year, we featured <a href="https://www.tenable.com/cve/CVE-2021-21985"><u>CVE-2021-21985</u></a>, a critical remote execution flaw in VMware vCenter and vSphere as one of the top five vulnerabilities exploited by attackers in <a href="https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective?utm_source=cyber_exposure_alerts&utm_medium=blog&utm_campaign=vmware-cve-2022-22948-blog"><u>our 2021 Threat Landscape Retrospective</u></a>. While we highlighted CVE-2021-21985 specifically in the top five, it reflects a general trend of attackers targeting vCenter and vSphere using multiple flaws including <a href="https://www.tenable.com/cve/CVE-2021-22005"><u>CVE-2021-22005</u></a> and the aforementioned CVE-2021-21972.</p> <p>Most of the VMware vulnerabilities referenced in this blog (with the exception of CVE-2021-22015) are included in the Cyber Security and Infrastructure Agency (CISA)’s <a href="https://www.cisa.gov/known-exploited-vulnerabilities"><u>catalog of known exploited vulnerabilities</u></a>.</p> <p>Ransomware groups in particular favor VMware vulnerabilities in the last few years. For instance, the <a href="https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates"><u>Conti ransomware group and its affiliates have exploited multiple VMware vulnerabilities</u></a> as part of their attacks to gain initial access into organizations. Since 2020, researchers have discovered that a number of ransomware groups like <a href="https://twitter.com/demonslay335/status/1324766934248939521?s=20&t=feHtHg7p7LFp8KrLIpIQIg"><u>RansomEXX/Defray777</u></a>, <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-encrypts-vmware-esxi-servers-with-python-script/"><u>HelloKitty</u></a>, <a href="https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/"><u>REvil</u></a>, <a href="https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/"><u>BlackMatter</u></a> and <a href="https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/"><u>Hive</u></a> have also targeted ESXi. There are also reports of an unknown ransomware group <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-encrypts-vmware-esxi-servers-with-python-script/"><u>encrypting virtual machines in VMware ESXi servers</u></a>.</p> <p>Attack chains like the one identified by Lazar could prove to be valuable for ransomware groups and affiliates.</p> <p><strong>No in-the-wild exploitation observed</strong></p> <p>Presently, there are no indications that CVE-2022-22948 has been exploited in the wild. Because it is a local, post-authentication vulnerability, it isn’t feasible to identify exploitation attempts. However, an uptick in attempts to exploit CVE-2021-21972 might be indicative of attackers looking to leverage this exploit chain in the wild.</p> <p>Because an attacker would need to exploit an initial access vulnerability like CVE-2021-21972 before being able to exploit CVE-2022-22948, we believe it’s important for organizations to ensure their VMware systems are patched and up-to-date to prevent exploitation of legacy vulnerabilities. Based on a <a href="https://twitter.com/n0x08/status/1364307533284868097"><u>previously shared Shodan search query</u></a> for CVE-2021-21972, we’ve found that there are <a href="https://www.shodan.io/search/report?query=http.title%3A%22ID_VC_Welcome%22"><u>still nearly 3,400 publicly accessible instances</u></a> of vCenter Server on the internet. While it is unclear what percentage of these instances are vulnerable to CVE-2021-21972, a cursory search of the Shodan results shows more than a few vCenter Server instances running affected versions that are six to eight years old.</p> <p><img decoding="async" referrerpolicy="no-referrer" src="https://www.tenable.com/sites/default/files/images/blog/35727278-d06d-4f24-bca2-cd0c77c1b4a6.png"/></p> <h2>Proof of concept</h2> <p>At the time this blog post was published, no public proof-of-concept exploit existed for CVE-2022-22948. However, Lazar’s <a href="https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/"><u>blog post</u></a> includes an example of a Python script successfully decrypting the password for a high-privileged user within the vCenter Server that can be used to take over the ESXi.</p> <p><img decoding="async" referrerpolicy="no-referrer" src="https://www.tenable.com/sites/default/files/images/blog/f107252d-f080-49a7-8e62-d7ab0f1b666b.png"/></p> <p><i>Image Source:</i> <a href="https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/"><i><u>Pentera</u></i></a></p> <h2>Solution</h2> <p>According to VMware’s advisory, Windows 6.5 and 6.7 versions of vCenter Server are not affected. However, the Windows 7.0 version of vCenter Server and the <a href="https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-223C2821-BD98-4C7A-936B-7DBE96291BA4.html"><u>Virtual Appliance</u></a> versions of vCenter Server are affected.</p> <h2>Identifying affected systems</h2> <p>A list of Tenable plugins to identify this vulnerability can be found <a href="https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2022-22948%22%29&sort=&page=1"><u>here</u></a>.</p> <p>For Nessus plugin ID 159306, “VMware vCenter Server 6.5 / 6.7 / 7.0 Information Disclosure (VMSA-2022-0009),” users are required to <a href="https://docs.tenable.com/nessus/Content/AssessmentSettings.htm"><u>enable the “Show potential false alarms” setting</u></a>, also known as paranoid mode, in their scan policy in order to enable this plugin in a scan.</p> <p>We also recommend enabling only this specific plugin in a paranoid scan. Scan policies configured to have all plugins enabled will see an increase in the number of triggers, as it will include all paranoid plugins during the scan.</p> <p><strong>Enabling Paranoid Mode</strong></p> <p>To enable this setting for Nessus and Tenable.io users:</p> <ol> <li>Click Assessment > General > Accuracy</li> <li>Enable the “Show potential false alarms” option</li> </ol> <p>To enable this setting for Tenable.sc (formerly SecurityCenter) users:</p> <ol> <li>Click Assessment > Accuracy</li> <li>Click the drop-down box and select “Paranoid (more false alarms)”</li> </ol> <h3>Get more information</h3> <p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts">Tenable’s Security Response Team</a> on the Tenable Community.</i></b></p> <p><b><i>Learn more about <a href="https://www.tenable.com/products">Tenable</a>, the first Cyber Exposure platform for holistic management of your modern attack surface.</i></b></p> <p><b><i>Get a <a href="https://www.tenable.com/products/tenable-io/vulnerability-management/evaluate">free 30-day trial</a> of Tenable.io Vulnerability Management. </i></b></p> </div> <p><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script><br /> <br /><br /> <br /><a href="https://www.tenable.com/blog/cve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability">Source link </a></p> </div><!-- .entry-content --> <footer class="entry-footer"> <span class="cat-links"> Posted in <a href="https://unifiedguru.com/category/rss_virtulization/" rel="category tag">RSS_Virtulization</a> </span> </footer><!-- .entry-footer --> </article><!-- #post-## --> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://unifiedguru.com/julian-enoizi-named-global-head-of-public-sector-at-guy-carpenter/" rel="prev">Julian Enoizi named Global Head of Public Sector at Guy Carpenter</a></div><div class="nav-next"><a href="https://unifiedguru.com/fbi-investigating-more-than-100-ransomware-variants/" rel="next">FBI Investigating More than 100 Ransomware Variants</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> <div id="secondary-right" class="widget-area secondary-sidebar f-right clearfix" role="complementary"> <div id="sidebar-section-top" class="widget-area sidebar clearfix"> <aside id="newsletterwidget-10" class="widget widget_newsletterwidget"><h3 class="widget-title"><span>Subscribe For Updates</span></h3><div class="tnp tnp-subscription tnp-widget"> <form method="post" action="https://unifiedguru.com/wp-admin/admin-ajax.php?action=tnp&na=s"> <input type="hidden" name="nr" value="widget"> <input type="hidden" name="nlang" value=""> <div class="tnp-field tnp-field-firstname"><label for="tnp-1">Name</label> <input class="tnp-name" type="text" name="nn" id="tnp-1" value="" placeholder=""></div> <div class="tnp-field tnp-field-email"><label for="tnp-2">Email</label> <input class="tnp-email" type="email" name="ne" id="tnp-2" value="" placeholder="" required></div> <div class="tnp-field tnp-privacy-field"><label><input type="checkbox" name="ny" required class="tnp-privacy"> Subscribing I accept the privacy rules of this site</label></div><div class="tnp-field tnp-field-button" style="text-align: left"><input class="tnp-submit" type="submit" value="Subscribe Now For Updates" style=""> </div> </form> </div> </aside> </div> <div id="sidebar-section-cat-one" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>VMWARE</h2> <div class="featured-post-sidebar"> <figure class="post-thumb clearfix"> <a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" ><img post-id="1207" fifu-featured="1" src="https://simoncranney.files.wordpress.com/2019/10/cropped-network.jpeg?w=200" alt="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" /></a> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>October 29, 2020</div> <h3><a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" >Helping Public Sector Organisations Define Cloud Strategy</a></h3> <p class="side-excerpt">Introduction Cloud computing services have grown exponentially in</p> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 18, 2016</div> <h3><a href="https://unifiedguru.com/how-to-change-the-vlan-id-of-the-service-console-in-esx-from-the-command-lineconsole/" title="How to change the VLAN ID of the Service Console in ESX from the command line/console" >How to change the VLAN ID of the Service Console in ESX from the command line/console</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 09, 2015</div> <h3><a href="https://unifiedguru.com/cisco-ucs-and-vmware-interfaces-vnics-ha-design-considerations/" title="Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations" >Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 07, 2015</div> <h3><a href="https://unifiedguru.com/troubleshooting-network-and-tcpudp-port-connectivity-issues-on-esxesxi2020669/" title="Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)" >Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 12, 2015</div> <h3><a href="https://unifiedguru.com/vsphere-client-parameters/" title="vSphere Client Parameters" >vSphere Client Parameters</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/vmware/" title="View All">View All</a></div> </div> </div> <div id="sidebar-section-cat-two" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>Configuration Templates</h2> <div class="featured-post-sidebar clearfix"> <figure class="post-thumb clearfix"> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 16, 2015</div> <h3><a href="https://unifiedguru.com/cue-licenses/" title="CUE Licenses" >CUE Licenses</a></h3> <p class="side-excerpt">Note: Useful LINK COPIED FROM OTHER SOURCE FOR REFERENCE INTRODUCTION</p> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 02, 2015</div> <h3><a href="https://unifiedguru.com/trouble-shooting-unity-express-with-call-manager-integeration-operational-issues/" title="Trouble shooting Unity Express with Call Manager Integeration & Operational Issues" >Trouble shooting Unity Express with Call Manager Integeration & Operational Issues</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/%ef%bb%bfcme-configuration-example-sip-trunks-to-viatalk-and-voip-ms/" title="CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms" >CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/sip-phone-registration-cme-configuration/" title="SIP Phone registration – CME Configuration" >SIP Phone registration – CME Configuration</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/cue-voicemail-vpim-networking-cue-to-unity/" title="CUE Voicemail + VPIM networking (CUE to unity)" >CUE Voicemail + VPIM networking (CUE to unity)</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/configuration-templates/" title="View All">View All</a></div> </div> </div> </div> </div><!-- #content --> </div><!-- content-wrapper--> <footer id="colophon" class="site-footer clearrfix" role="contentinfo"> <div class="wrapper footer-wrapper clearfix"> <div class="top-bottom clearfix"> <div id="footer-top"> </div><!-- #foter-top --> <div id="footer-bottom"> </div><!-- #foter-bottom --> </div><!-- top-bottom--> <div class="footer-copyright border t-center"> <p> Copyright 2016. All rights reserved </p> <div class="site-info"> <a href="https://wordpress.org/">Proudly powered by WordPress</a> <span class="sep"> | </span> Profitmag by <a href="http://rigorousthemes.com/" rel="designer">Rigorous Themes</a> </div><!-- .site-info --> </div> </div><!-- footer-wrapper--> </footer><!-- #colophon --> </div><!-- #page --> <div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_default_style" style="bottom:0px;left:0px;background-color:#23d5db"><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_pinterest" href="https://www.addtoany.com/add_to/pinterest?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="Pinterest" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_whatsapp" href="https://www.addtoany.com/add_to/whatsapp?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="WhatsApp" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_google_gmail" href="https://www.addtoany.com/add_to/google_gmail?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability%2F&linkname=CVE-2022-22948%3A%20VMware%20vCenter%20Server%20Sensitive%20Information%20Disclosure%20Vulnerability" title="Gmail" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div><div class="mb_supershare_holder"> <div id="openModal" class="mb_supershare_modalDialog"> <div style="background:url(https://unifiedguru.com/wp-content/plugins/super-share/img/struckaxiom.png) repeat;"> <div class="mb_supershare_ribbon"><div class="mb_supershare_ribbon-stitches-top"></div><strong class="mb_supershare_ribbon-content"><span style="font-size: 24px; line-height: 2;"> Love This Article? Spread It. </span></strong><div class="mb_supershare_ribbon-stitches-bottom"></div></div> <div class="mb_supershare_close">X</div> <!-- facebook need this script --> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="social_icons_style" style="width:320px; margin-left:25px; margin-top:20px; margin 0 auto; overflow:visible"> <ul> <li style="overflow:hidden; width: 49px;"> <!-- facebook like button --> <div class="fb-like" data-href="https://unifiedguru.com:443/cve-2022-22948-vmware-vcenter-server-sensitive-information-disclosure-vulnerability/" data-width="450" data-height="The pixel height of the plugin" data-colorscheme="light" data-layout="box_count" data-action="like" data-show-faces="false" data-send="false"></div> </li> <li> <!-- G+ button --> <!-- Place this tag where you want the +1 button to render. --> <div class="g-plusone" data-size="tall" data-href=""></div> <!-- Place this tag after the last +1 button tag. --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </li> <li> <!-- Twitter button --> <a href="https://twitter.com/share" class="twitter-share-button" data-url="" data-via="" data-lang="en" data-related="anywhereTheJavascriptAPI" data-count="vertical">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </li> <li> <!-- Linkedin button --> <script src="//platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share" data-url="" data-counter="top"></script> </li> <li> <!-- StumbleUpon button --> <!-- Place this tag where you want the su badge to render --> <su:badge layout="5" location=""> </su:badge> <!-- Place this snippet wherever appropriate --> <script type="text/javascript"> (function() { var li = document.createElement('script'); li.type = 'text/javascript'; li.async = true; li.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + '//platform.stumbleupon.com/1/widgets.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(li, s); })(); </script> </li> </ul> </div> </div> <!--DIV--> </div> <!--modalDialog--> </div> <!--mb_supershare_holder--> <script> jQuery(document).ready(function($) { $is_closed="no"; jQuery(document).scroll(function() { if(jQuery('article').length){ //For typical wordpress templates $afterpost = jQuery("article").position().top + jQuery("article").height()-(jQuery("article").height()/3); } else { //For Thesis framework $afterpost = jQuery(".content").position().top + jQuery(".post_box").height()-(jQuery(".post_box").height()/3); } if(jQuery(window).scrollTop() >= $afterpost && $is_closed=="no"){ jQuery(".mb_supershare_modalDialog").css({"display":"block"}); jQuery(".mb_supershare_modalDialog").animate({opacity:"1"},1000); } else{ jQuery(".mb_supershare_modalDialog").css({"display":"none"}); } }); jQuery(".mb_supershare_close").bind("click", function() { jQuery(".mb_supershare_modalDialog").fadeOut("slow"); $is_closed="yes"; setTimeout(function() { jQuery(".mb_supershare_modalDialog").css({"display":"none"}); }, 2000); }); }); </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6" id="wp-hooks-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0.2" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-before"> /* <![CDATA[ */ var wpcf7 = { "api": { "root": "https:\/\/unifiedguru.com\/wp-json\/", "namespace": "contact-form-7\/v1" } }; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0.2" id="contact-form-7-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.bxslider.js?ver=6.7.1" id="bxslider-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.ticker.js?ver=6.7.1" id="ticker-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mCustomScrollbar.min.js?ver=1.0.0" id="mCustomScrollbar-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mousewheel.min.js?ver=2.0.19" id="mousewheel-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/navigation.js?ver=20120206" id="profitmag-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/keyboard-navigation.js?ver=20120206" id="profitmag-keyboard-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/custom.js?ver=1.0" id="profitmag-custom-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1" id="jail-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6" id="scrolling-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3" id="jquery-easing-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1" id="slidedeck-library-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1" id="slidedeck-public-js"></script> <script type="text/javascript" src="https://platform.twitter.com/widgets.js?ver=1316526300" id="twitter-intent-api-js"></script> <script type="text/javascript" id="fifu-json-ld-js-extra"> /* <![CDATA[ */ var fifuJsonLd = {"url":"https:\/\/www.tenable.com\/sites\/default\/files\/styles\/640x360\/public\/images\/articles\/Blog-Research-CEA-Medium-Max-Quality_12.jpg?itok=wtJpC6QD"}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/featured-image-from-url/includes/html/js/json-ld.js?ver=4.9.5" id="fifu-json-ld-js"></script> <script type="text/javascript"> var slideDeck2URLPath = "https://unifiedguru.com/wp-content/plugins/slidedeck"; var slideDeck2iframeByDefault = false; </script> </body> </html>