Vulnerability Details : CVE-2022-26923
Active Directory Domain Services Elevation of Privilege Vulnerability.
Vulnerability category: Gain privilege
CVE-2022-26923
is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923
Added on
2022-08-18
Action due date
2022-09-08
Exploit prediction scoring system (EPSS) score for CVE-2022-26923
Probability of exploitation activity in the next 30 days: 0.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2022-26923
-
Active Directory Certificate Services (ADCS) privilege escalation (Certifried)
auxiliary/admin/dcerpc/cve_2022_26923_certifriedThis module exploits a privilege escalation vulnerability in Active Directory Certificate Services (ADCS) to generate a valid certificate impersonating the Domain Controller (DC) computer account. This certificate is then used to authenticate to the target as the DC account using PKINIT preauthentication mechanism. The module will get and cache the Ticket-Granting-Ticket (TGT) for this account along with its NTLM hash. Finally, it requests a TGS impersonating a privileged user (Administrator by default). This TGS can then be used by other modules or external tools. Authors: - Oliver Lyak - CravateRouge - Erik Wynter - Christophe De La Fuente
CVSS scores for CVE-2022-26923
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
[email protected] |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
[email protected] |
References for CVE-2022-26923
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923
Patch;Vendor Advisory
Products affected by CVE-2022-26923
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*