Vulnerability Details : CVE-2022-26923

Active Directory Domain Services Elevation of Privilege Vulnerability.
Vulnerability category: Gain privilege
Published 2022-05-10 21:15:10
Updated 2022-05-18 19:14:10
View at NVD,
CVE-2022-26923 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Added on 2022-08-18 Action due date 2022-09-08

Exploit prediction scoring system (EPSS) score for CVE-2022-26923

Probability of exploitation activity in the next 30 days: 0.70%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2022-26923

  • Active Directory Certificate Services (ADCS) privilege escalation (Certifried)
    This module exploits a privilege escalation vulnerability in Active Directory Certificate Services (ADCS) to generate a valid certificate impersonating the Domain Controller (DC) computer account. This certificate is then used to authenticate to the target as the DC account using PKINIT preauthentication mechanism. The module will get and cache the Ticket-Granting-Ticket (TGT) for this account along with its NTLM hash. Finally, it requests a TGS impersonating a privileged user (Administrator by default). This TGS can then be used by other modules or external tools. Authors: - Oliver Lyak - CravateRouge - Erik Wynter - Christophe De La Fuente

CVSS scores for CVE-2022-26923

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]
[email protected]

References for CVE-2022-26923

Products affected by CVE-2022-26923

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!